That bug has never been truly fixed. It should be fixed by Solaris 7 5/99
(hw2). Just changing the permissions on /vol will also fix the problem.

    chmod a-w /vol/*

Stefan

On Wed, 7 Apr 1999, Russell Van Tassell wrote:

> Forgive me as I just started playing with Solaris 7 and don't recall
> seeing this yet posted to Bugtraq.
>
> It would appear as though an old bug with the OpenWeirdos File Mangler
> has crept up again in Solaris 7 (I believe patch 106222-01 was supposed
> to fix it back in Solaris 2.6 (and 106224-01 in Solaris 2.5.1)). Very
> basically, using ff.core it is possible for a normal user to overwrite
> arbitrary files on the system (that would include things like /etc/shadow)
> and do serious damage to the system (I will leave that exercise to the
> reader).
>
> Admins should remove the setuid and setgid bits from ff.core.
>
> Regards,
> Russell
>
>
> --
> Russell M. Van Tassell
> russellat_private
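
An added example, not part of the original posts: a POSIX shell check that both mitigations named in the thread (no setuid/setgid bits on ff.core, no write bits on the entries under /vol) are actually in place. The path to ff.core is passed as an argument because the thread does not give it; the function names are illustrative.

```shell
#!/bin/sh
# Added example: audit the two mitigations from the thread.
# Usage: sh audit.sh <path-to-ff.core> /vol
# The ff.core path is a placeholder argument; the thread does not state it.

# Succeeds if the file still carries a setuid or setgid bit.
has_setid() {
    # -prune stops find from descending if a directory is passed by mistake.
    [ -n "$(find "$1" -prune \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null)" ]
}

# Prints entries directly under $1 that still have any write bit set,
# i.e. what "chmod a-w DIR/*" would have cleared (not recursive, like the glob).
writable_entries() {
    for entry in "$1"/*; do
        [ -e "$entry" ] || continue   # glob matched nothing
        find "$entry" -prune \( -perm -200 -o -perm -020 -o -perm -002 \) -print
    done
}

# Returns 0 only when both mitigations are in place.
audit() {
    ff_core=$1
    vol_dir=$2
    status=0
    if has_setid "$ff_core"; then
        echo "FAIL: $ff_core still has a setuid/setgid bit"
        status=1
    fi
    left=$(writable_entries "$vol_dir")
    if [ -n "$left" ]; then
        echo "FAIL: entries under $vol_dir still writable:"
        echo "$left"
        status=1
    fi
    if [ "$status" -eq 0 ]; then
        echo "OK: both mitigations in place"
    fi
    return "$status"
}

# Run only when both paths are supplied on the command line.
if [ "$#" -eq 2 ]; then
    audit "$1" "$2"
fi
```

The check reads mode bits only, so it can run as an unprivileged user; a nonzero exit status makes it usable from cron or a configuration-management run.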