Re: /usr/dt/bin/dtappgather exploit

From: Steven Goldberg - SE - Seattle WA (steven.goldbergat_private)
Date: Thu Mar 19 1998 - 11:51:54 PST


    A patch is in the works and should be available soon.
    
    Thanks for the heads up.
    
    Steve
    
    
    > To: steven.goldberg@West
    > CC: bugtraqat_private
    > Subject: Re: /usr/dt/bin/dtappgather exploit
    > Mime-Version: 1.0
    > Date: Wed, 18 Mar 1998 18:54:38 -0800
    > From: Robert Lau <rslauat_private>
    >
    > This happened on a Solaris 2.5.1 box with the latest Sun CDE patches,
    > including 104498-02.  We don't see any more recent patches at sunsolve.
    >
    >   -r-x--x--x   1 root     bin       115708 Jan  7 14:55 bin/dtappgather*
    >
    > Yet, they still managed to get the link:
    >
    >   /var/dt/appconfig/appmanager/generic-display-0 -> /etc/shadow
    >
    > The link was owned by the user whose account was compromised.
    > They got root, replaced ssh and telnet binaries with ones that
    > logged username/passwords to /usr/include/v9/sys/stdio.h
    >
    > We've contacted Sun but this hasn't made it past first level tech
    > support...  In the meantime, we've removed SUID root on dtappgather.
    >
    > Robert Lau
    > Information Services Division - Core Services
    > University of Southern California
    >
    >
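
A host check for the two conditions reported in this thread (a symlink sitting directly under the appmanager directory, and dtappgather still carrying the set-user-ID bit), as an added example that is not part of the original messages. The function names are hypothetical, `readlink` is assumed to be available, and the script assumes that per-session entries under appmanager are normally real directories.

```shell
#!/bin/sh
# Added example (not from the thread): check a host for the two conditions
# the report describes. Default paths are the ones quoted in the message.

# Print "link -> target (owner NAME)" for every symlink directly under DIR.
# Assumption: per-session entries here are expected to be real directories,
# so a symlink at this level (like generic-display-0 -> /etc/shadow) is a
# finding, and its owner points at the account that created it.
list_toplevel_symlinks() {
    dir=$1
    for entry in "$dir"/* "$dir"/.[!.]*; do
        [ -L "$entry" ] || continue
        owner=$(ls -ld "$entry" | awk '{print $3}')
        printf '%s -> %s (owner %s)\n' "$entry" "$(readlink "$entry")" "$owner"
    done
}

# Succeed if FILE exists and still has the set-user-ID bit.
is_setuid() {
    [ -u "$1" ]
}

# Run both checks; return 1 if either produced a finding, 0 otherwise.
audit_dtappgather() {
    appdir=${1:-/var/dt/appconfig/appmanager}
    binary=${2:-/usr/dt/bin/dtappgather}
    status=0
    links=$(list_toplevel_symlinks "$appdir")
    if [ -n "$links" ]; then
        printf 'FINDING: symlink(s) in %s:\n%s\n' "$appdir" "$links"
        status=1
    fi
    if is_setuid "$binary"; then
        printf 'FINDING: %s is still set-user-ID\n' "$binary"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "no findings"
    return "$status"
}

audit_dtappgather "$@"
```

Run with no arguments to audit the paths named in the thread, or pass a directory and a binary path to audit a different tree.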
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:46:17 PDT