I can confirm that the patch 104490-05 is indeed ineffective against at least one root compromise bug. We experienced such a compromise recently even with the latest security patches (including 104490-05) installed. We decided to simply make ufsdump/ufsrestore non-setuid, non-setgid as they are never run by non-root users at our site anyways.

Tom Perrine wrote:
>
> I have two reports from other UC campuses that exploits of the Solaris
> ufsrestore bug are being used against *sparc* hosts.
>
> At least one of the sites reports that patch 104490-05 (Solaris 2.5.1,
> sparc arch) was applied on a system that was compromised (presumably
> via this method).
>
> Consider this an *inconclusive* warning that the Sun ufsrestore patch
> *may* not be effective. I have a call into Sun on this one. If we
> can get the binary of the exploit, it might be interesting.
>
> [The reporting sites are BCC'ed on this note. If they want to go
> public, it's up to them.]
>
> --tep
>
> --
> Tom E. Perrine (tepat_private) | San Diego Supercomputer Center
> http://www.sdsc.edu/~tep/ | Voice: +1.619.534.5000
> Been there, done that, erased the evidence, blackmailed the witnesses...
>

--
Steven F. Siirila
Enterprise Internet Services
Academic and Distributed Computing Services
Office of Information Technology
University of Minnesota
Office: Lind Hall, Room 130B
E-mail: sfsat_private
Voice: (612) 626-0244
Fax: (612) 626-7593
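The workaround described in the message above (removing the setuid and setgid bits from ufsdump/ufsrestore), sketched as an added example that is not part of the original post. The function names are hypothetical, and the binary paths are supplied by the caller as arguments because the post does not give them.

```sh
#!/bin/sh
# Added example: strip setuid/setgid bits from the named binaries and verify
# the result. Paths come from the command line; none are assumed here.

# has_priv_bits FILE -> exit status 0 if FILE carries setuid or setgid
has_priv_bits() {
    [ -u "$1" ] || [ -g "$1" ]
}

# strip_priv_bits FILE... -> remove setuid/setgid from each regular file.
# Returns 0 if no named file retains either bit, 1 otherwise.
strip_priv_bits() {
    rc=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "skip: $f (not a regular file)" >&2
            continue
        fi
        if has_priv_bits "$f"; then
            echo "setuid/setgid set: $f"
            chmod u-s,g-s "$f" || rc=1
        fi
        # Verify rather than trust chmod's exit status alone
        if has_priv_bits "$f"; then
            echo "STILL PRIVILEGED: $f" >&2
            rc=1
        else
            echo "ok: $f"
        fi
    done
    return $rc
}

# Act only when paths are given on the command line
if [ "$#" -gt 0 ]; then
    strip_priv_bits "$@"
fi
```

Run it as root with the full paths of the two binaries, and re-run it after applying patches, since installing a patch can restore the packaged file modes.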
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:57:27 PDT