On 5 Aug 98 at 6:24, rdumpat_private wrote: > This deserves passing on. SGI has a patch for the problem, but apparently > hasn't publicized the details. > > ------- > Subject: irix-6.2 "at -f" vulnerability > > The irix-6.2 "at -f" vulnerability was mentioned on BUGTRAQ a while back. [1] > Unfortunately SGI has not issued an advisory on this, nor does it appear > in their security patches list at www.sgi.com as of Aug 4, although a > patch *has* been made available. > > The patch number is 3184 and those with SGI Surfzone IDs can get it > by searching for "3184" at SGI's web site. The top-level description > says it is for 6.4, but the patch README mentions 6.2 bugs which are > patched. Irix 6.5 (6.5-BETA-1274425944) is also vulnerable. "at -f /etc/shadow now + 1 minute" gently mails you the encrypted passwords. ___________________________________________________________________________ Dmitry Yu. Bolkhovityanov BINP RAS
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:11:31 PDT