Re: [SRT2001-10] - scoadmin /tmp issues

From: KRFinisterreat_private
Date: Wed May 23 2001 - 10:56:35 PDT

Next message: Juan Manuel Pascual Escriba: "undocumented 3Com Netbuilder II SNMP ILMI commnity"

Previous message: Matt Schalit: "Re: [SRT2001-10] - scoadmin /tmp issues"
Maybe in reply to: Richard Johnson: "[SRT2001-10] - scoadmin /tmp issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I am sorry it was a typo the os is as follows.

SCO_SV unixdev 3.2 5.0.5 i386
$ ln -s /etc/passwd /tmp/tclerror.1195.log
$ ls -al /tmp/tclerror.1195.log
 lrwxrwxrwx   1 kevin    supp          11 May 23 13:47
/tmp/tclerror.1195.log -> /etc/passwd



                                                                                       
                    Matt Schalit                                                       
                    <mschalit@pac        To:     Richard Johnson <thiefat_private>   
                    bell.net>            cc:     bugtraqat_private,            
                                         "Recon@Snosoft. Com" <reconat_private>      
                    05/23/01             Subject:     Re: [SRT2001-10] - scoadmin /tmp 
                    01:39 PM             issues                                        
                                                                                       
                                                                                       




Hello Sir:


Richard Johnson wrote:
>
> ======================================================================
> Strategic Reconnaissance Team Security Advisory(SRT2001-09)
> Topic: scoadmin /tmp issues
> Vendor: Santa Cruz Operations
> Release Date: 05/07/01
> ======================================================================

[snip...]

> .: Systems Affected
> Unixware 5.x


  You bring to light various issues with software issued by the
"Santa Cruz Operations" (sic).  I'm sure they would prefer that
you call them by their correct name, the Santa Cruz Operation, or
simple SCO.

  The SCO server division has been acquired by Caldera, and
www.sco.com now points you to Caldera, for those of you who
may not know.


  SCO has two OS lines that have the following release history:

    UnixWare                              OpenServer
  ------------------                --------------------------
   ...                                  ...
   Unixware 2.1.2                       Unix System 5 Release 3.2v4.0
   Unixware 2.1.3                       Unix System 5 Release 3.2.4.2
   Unixware 7.0.0                       OpenServer 5.0.0
   Unixware 7.0.1                       OpenServer 5.0.2
   Unixware 7.1.0                       OpenServer 5.0.4
   Unixware 7.1.1  <-- Current          OpenServer 5.0.5
                                        OpenServer 5.0.6   <--- Current.


I spent about 15 minutes searching the net and the ng's for any reference
to a "UnixWare 5" or a "UnixWare 5.x" that you refer to with no success.

Would you please clarify for the rest of us exactly what OS you
see this problem with.  Please include the output of

      uname -a




> .: Proof of Concept
> ln -s /etc/passwd /tmp/tclerror.1195.log


This doesn't work on UnixWare 7.1.1.

   $ ln -s /etc/passwd /tmp/tclerror.1195.log
   UX:ln: ERROR: Cannot create /tmp/tclerror.1195.log: Not privileged




Regards,
Matthew Schalit
SCO ACE, Maintainer of the Uw7 FAQ.

Next message: Juan Manuel Pascual Escriba: "undocumented 3Com Netbuilder II SNMP ILMI commnity"
Previous message: Matt Schalit: "Re: [SRT2001-10] - scoadmin /tmp issues"
Maybe in reply to: Richard Johnson: "[SRT2001-10] - scoadmin /tmp issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed May 23 2001 - 18:01:20 PDT