A patch is in the works and should be available soon.
Thanks for the heads up.

Steve

> To: steven.goldberg@West
> CC: bugtraqat_private
> Subject: Re: /usr/dt/bin/dtappgather exploit
> Mime-Version: 1.0
> Date: Wed, 18 Mar 1998 18:54:38 -0800
> From: Robert Lau <rslauat_private>
>
> This happened on a Solaris 2.5.1 box with the latest Sun CDE patches,
> including 104498-02. We don't see any more recent patches at sunsolve.
>
> -r-x--x--x 1 root bin 115708 Jan 7 14:55 bin/dtappgather*
>
> Yet, they still managed to get the link:
>
> /var/dt/appconfig/appmanager/generic-display-0 -> /etc/shadow
>
> The link was owned by the user whose account was compromised.
> They got root, replaced ssh and telnet binaries with ones that
> logged username/passwords to /usr/include/v9/sys/stdio.h
>
> We've contacted Sun but this hasn't made it past first level tech
> support... In the meantime, we've removed SUID root on dtappgather.
>
> Robert Lau
> Information Services Division - Core Services
> University of Southern California
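
A defender's check for the condition reported in this thread, as an added example that is not part of the original messages: it lists symlinks under the appmanager directory whose targets resolve outside it and notes whether dtappgather carries the set-user-ID bit. The two default paths come from the thread; the function names and the `--run` argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. Paths are the ones quoted in it.
APPMGR_DIR=${APPMGR_DIR:-/var/dt/appconfig/appmanager}
DTAPPGATHER=${DTAPPGATHER:-/usr/dt/bin/dtappgather}

# True when the file carries the set-user-ID bit.
is_setuid() { [ -u "$1" ]; }

# Print "owner link -> target" for every symlink under $1 whose target
# resolves outside $1 (e.g. generic-display-0 -> /etc/shadow) or whose
# parent directory cannot be resolved at all.
audit_appmanager() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    find "$dir" -type l | while IFS= read -r link; do
        target=$(readlink "$link")
        case "$target" in
            /*) abs=$target ;;
            *)  abs=$(dirname "$link")/$target ;;
        esac
        # Canonicalise the target's parent so ../ cannot hide an escape.
        parent=$(cd "$(dirname "$abs")" 2>/dev/null && pwd -P) \
            || parent="(unresolvable)"
        case "$parent/" in
            "$dir"/*) continue ;;    # target stays inside the directory
        esac
        owner=$(ls -ld "$link" | awk '{print $3}')
        printf '%s %s -> %s\n' "$owner" "$link" "$target"
    done
}

report() {
    if is_setuid "$DTAPPGATHER"; then
        echo "set-user-ID bit is set on $DTAPPGATHER"
    fi
    audit_appmanager "$APPMGR_DIR"
}

# Hypothetical entry point: run the report only when asked to.
if [ "${1:-}" = "--run" ]; then report; fi
```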