Re: irix-6.2 "at -f" vulnerability

From: Liam O. Forbes (lforbesat_private)
Date: Wed Aug 12 1998 - 16:15:04 PDT

Next message: John McDonald: "solaris 2.x rdist exploit / too many humbles :p"

Previous message: Dean Gaudet: "Re: Apache DoS Attack"
Maybe in reply to: Richard Johnson: "irix-6.2 "at -f" vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Michael S Kluskens wrote:
>
> >> -------
> >> Subject: irix-6.2 "at -f" vulnerability
> >>
> >
> >for irix 6.2 the patch is 2866 or its current successor 3182 (buried in what
> >is called a "commands patch  + y2k"
> >
>
> On our IRIX 6.2 system patched with 2866, this vulnerability still exists.
>
> Michael

On our systems, patched with 3182, the problem appears to be fixed.  Using at -f
on a file which you don't have permission to read, results in a you don't have
permissions message.  Funny how that makes sense.

--
Liam Forbes     lforbesat_private        http://www.arsc.edu/~lforbes
Box 756020      910 Yukon Dr. Suite 106 Fairbanks Ak 99775-6020
907-474-1898    fax: 907-474-5494       check web page for PGP key
High Performance Computing Systems Programmer/Analyst I
The software said Windows 95 or better, so I installed Linux

Next message: John McDonald: "solaris 2.x rdist exploit / too many humbles :p"
Previous message: Dean Gaudet: "Re: Apache DoS Attack"
Maybe in reply to: Richard Johnson: "irix-6.2 "at -f" vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:12:25 PDT