Re: SUN SOLARIS 5.6/5.7 FTP Globbing Exploit !

From: elliptic (ellipticat_private)
Date: Wed Apr 18 2001 - 01:49:14 PDT

    > Yes. It is possible that local user can get the part of shadow file in
    > Solaris 2.6 since the core file is world readable.
    
    I've tested this on default installations of both 2.7 and 2.8, Sparc platform.
    
    The first test was conducted on 2.7, and resulted in a core file being
    generated in the $HOME directory of my user.  The file, however, was created
    with permissions 0600, root:root owned.
    
    The second test was 2.8 under similar circumstances.  Again, a core file was
    generated.  This time, in the root (/) directory.  Same permissions as
    previous.
    
    The test was conducted via the local system, telnetting to the ftp daemon
    via loopback.
    
    Therefore, it is safe to say these revisions are not vulnerable, as default
    permissions do not permit group or public read access.
    
    Cheers,
    elliptic
    


