Nate Eldredge wrote:
I have now set up a virtual Solaris 8 box to test this with root access,
and it appears you are correct. When run as root, "login -f root"
presents a login prompt, just like login without arguments. So it is
not "supported" in the sense of having the Solaris 10 document
On Mon, 19 Feb 2007, Michael Wojcik wrote:
From: Nate Eldredge [mailto:[EMAIL PROTECTED]
Sent: Friday, 16 February, 2007 21:42
On Sat, 17 Feb 2007, Darren Reed wrote:
Solaris's /bin/login has never supported the "-f" command line
option
until Solaris 10 (RTFM) so this exploit was just plai
> From: Nate Eldredge [mailto:[EMAIL PROTECTED]
> Sent: Friday, 16 February, 2007 21:42
>
> On Sat, 17 Feb 2007, Darren Reed wrote:
>
> >
> > Solaris's /bin/login has never supported the "-f" command line
option
> > until Solaris 10 (RTFM) so this exploit was just plain not possible.
>
> That i
Scott,
On Sat, 17 Feb 2007, Cromar Scott wrote:
I have to wonder if the "old bug" complaints are coming in reference to
one of the following:
http://www.securityfocus.com/bid/3064/info
http://www.securityfocus.com/bid/5531/info
I know that my initial reaction was "haven't I seen this before?"
> I have to wonder if the "old bug" complaints are coming in reference to
> one of the following:
>
> http://www.securityfocus.com/bid/3064/info
> http://www.securityfocus.com/bid/5531/info
My dejavu was of
http://www.cert.org/advisories/CA-1994-09.html
It wasn't hard to find in old email, googl
R. Nemmer
Cc: jf; [EMAIL PROTECTED]; bugtraq@securityfocus.com
Subject: Re: Solaris telnet vulnberability - how many on your network?
>
> Let's taper off this thread. It's getting downright boring.
>
> Thanks,
> Anthony Nemmer
>
We are kind of going around and around,
On 16 Feb 2007 [EMAIL PROTECTED] wrote:
> I believe in the early 90's there was a serious problem discovered in intel
> chips that allowed certain standard code to be run to overflow programs
> arbitrarily and gain access to operating systems in an administrative
> capacity.
>
> Also I remember
On Sat, 17 Feb 2007, Darren Reed wrote:
In some mail from [EMAIL PROTECTED], sie said:
1) This seems like a case of "old code" somehow creeping back in to the
current versions, and that's a phenomenon I've seen happen at a couple of
different places that I've worked at over the years. It's kin
In some mail from [EMAIL PROTECTED], sie said:
>
> 1) This seems like a case of "old code" somehow creeping back in to the
> current versions, and that's a phenomenon I've seen happen at a couple of
> different places that I've worked at over the years. It's kind of a
> special case of version
On Fri, 16 Feb 2007, jf wrote:
There have also been too many times in the past when they have been proven
correct to ignore the possibility any longer.
Hi, in what instances has the conjecture that a bug was a deliberate
backdoor been proven correct?
If Peter is crying WOLF all the time. Th
I believe in the early 90's there was a serious problem discovered in intel
chips that allowed certain standard code to be run to overflow programs
arbitrarily and gain access to operating systems in an administrative capacity.
Also I remember the redhat (back in the day) repository being hacked
yfocus.com
> Subject: RE: ***PossibleSPAM*** Re: Re: Solaris telnet vulnberability - how
> many on your network?
>
> Ken Thompson pulled a famous prank back in the old days. He refers to
> it in the following:
>
> http://www.acm.org/classics/sep95/
>
> I've hea
Let's taper off this thread. It's getting downright boring.
Thanks,
Anthony Nemmer
jf wrote:
I believe in the early 90's there was a serious problem discovered in intel
chips that allowed certain standard code to be run
to overflow programs arbitrarily and gain access to operating systems in
Let's taper off this thread. It's getting downright boring.
Thanks,
Anthony Nemmer
We are kind of going around and around, but there's a couple of
aspects to this that haven't even been talked about:
1) This seems like a case of "old code" somehow creeping back in to the
current versions,
> I believe in the early 90's there was a serious problem discovered in intel
> chips that allowed certain standard code to be run
> to overflow programs arbitrarily and gain access to operating systems in
> an administrative capacity.
>
> Also I remember the redhat (back in the day) repository b
I wonder if that's the attitude the NSA and CIA had before the world trade
centre came down ?
The idea isn't world domination via telnet, but infamy via one malicious act.
You cannot ever really trust code that you don't write yourself.
You can run around with fantasies of world domination via
http://www.acm.org/classics/sep95/
Thanks to Cromar Scott for the link.
Great anecdotes there.
I especially liked his comments about companies "You cannot trust code that you
didn't totally create yourself. (Especially code from companies that employ
people like me)."
Exactly the thought that
> There have also been too many times in the past when they have been proven
> correct to ignore the possibility any longer.
Hi, in what instances has the conjecture that a bug was a deliberate
backdoor been proven correct?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 15, 2007 10:07 AM
To: bugtraq@securityfocus.com
Subject: Re: Re: Solaris telnet vulnberability - how many on your
network?
On Tue, 13 Feb 2007, Gadi Evron wrote:
>IMO fixing security bugs at sh
On Thu, 15 Feb 2007, Damien Miller wrote:
> On Tue, 13 Feb 2007, Gadi Evron wrote:
>
> > We all agree it is not a very likely possibility, but I wouldn't rule it
> > out completely just yet until more information from Sun becomes
> > available.
>
> What more information do you need? You have an a
On Tue, 13 Feb 2007, Gadi Evron wrote:
>> We all agree it is not a very likely possibility, but I wouldn't rule it
>> out completely just yet until more information from Sun becomes
>> available.
>What more information do you need? You have an >advisory, access to the
>source code, access to the
wow reminds me of back in the day ... haven't seen one of these in years.
Thefinn
In some mail from Joe Shamblin, sie said:
> How about just uncommenting the following from /etc/default/login
>
> # If CONSOLE is set, root can only login on that device.
> # Comment this line out to allow remote login by root.
> #
> CONSOLE=/dev/console
>
> Not a fix to be sure, but at least pre
On Tue, 13 Feb 2007, Gadi Evron wrote:
> We all agree it is not a very likely possibility, but I wouldn't rule it
> out completely just yet until more information from Sun becomes
> available.
What more information do you need? You have an advisory, access to the
source code, access to the change
On Monday 12 February 2007 07:00, Gadi Evron wrote:
> Update from HD Moore:
> "but this bug isnt -froot, its -fanythingbutroot =P"
Confirmed.
If the server permits logins from outside (maybe via SSH only - protection
provided by a local or network) and has telnetd enabled any user can login
as
[EMAIL PROTECTED] wrote:
On Tue, 13 Feb 2007 [EMAIL PROTECTED] wrote:
On Tue, 13 Feb 2007 [EMAIL PROTECTED] wrote:
Am I missing something? This vulnerability is close to 10 years old.
It was in one of the first versions of Solaris after Sun moved off of
the SunOS BSD platform and over to SysV.
>> The simplest possible fix on such short notice:
>>
>> http://cvs.opensolaris.org/source/diff/onnv/onnv-gate/usr/src/cmd/cmd-inet/usr.sbin/in.telnetd.c
?r2=3629&r1=2923
>>
>> Casper
>
>
>How about just uncommenting the following from /etc/default/login
>
># If CONSOLE is set, root can only log
On Tue, 13 Feb 2007 [EMAIL PROTECTED] wrote:
>
> >Yeah, a backdoor is a remote possibility. But it's also an arbitrary and
> >needlessly complex one. Maybe it's a nefarious plot by our UFO-appointed
> >shadow government, but chances are, it's not (they have better things to
> >do today).
>
> And
>Yeah, a backdoor is a remote possibility. But it's also an arbitrary and
>needlessly complex one. Maybe it's a nefarious plot by our UFO-appointed
>shadow government, but chances are, it's not (they have better things to
>do today).
And one which was too easy to discover; real back doors are bet
>On Tue, 13 Feb 2007 [EMAIL PROTECTED] wrote:
>>
>> >On Tue, 13 Feb 2007 [EMAIL PROTECTED] wrote:
>> >>
>> >> >
>> >> >Am I missing something? This vulnerability is close to 10 years old.
>> >> >It was in one of the first versions of Solaris after Sun moved off of
>> >> >the SunOS BSD platform
On Tue, 13 Feb 2007, Gadi Evron wrote:
> On Tue, 13 Feb 2007 [EMAIL PROTECTED] wrote:
> >
> > >On Tue, 13 Feb 2007 [EMAIL PROTECTED] wrote:
> > >>
> > >> >
> > >> >Am I missing something? This vulnerability is close to 10 years old.
> > >> >It was in one of the first versions of Solaris after Su
On Tue, 13 Feb 2007 [EMAIL PROTECTED] wrote:
>
> >On Tue, 13 Feb 2007 [EMAIL PROTECTED] wrote:
> >>
> >> >
> >> >Am I missing something? This vulnerability is close to 10 years old.
> >> >It was in one of the first versions of Solaris after Sun moved off of
> >> >the SunOS BSD platform and over
>On Tue, 13 Feb 2007 [EMAIL PROTECTED] wrote:
>>
>> >
>> >Am I missing something? This vulnerability is close to 10 years old.
>> >It was in one of the first versions of Solaris after Sun moved off of
>> >the SunOS BSD platform and over to SysV. It has specifically to do w=
>> >ith
>> >how argu
On Tue, 13 Feb 2007 [EMAIL PROTECTED] wrote:
>
> >
> >Am I missing something? This vulnerability is close to 10 years old.
> >It was in one of the first versions of Solaris after Sun moved off of
> >the SunOS BSD platform and over to SysV. It has specifically to do w=
> >ith
> >how arguments are
Hi,
Solaris is now Open Source, so you can see yourself at
http://cvs.opensolaris.org/source/diff/onnv/onnv-gate/usr/src/cmd/cmd-in
et/usr.sbin/in.telnetd.c?r2=3629&r1=2923
what the problem and its resolution are.
There are also the blogs by Alan Hargreaves from SUN Australia at
http://blogs.sun.
On Tue, 13 Feb 2007, Gadi Evron wrote:
> I have to agree with a previous poster and suspect (only suspect) it
> could somehow be a backdoor rather than a bug.
You're attributing malice to what could be equally well (or better!)
explained by incompetence or gross negligence. The latter two haunt l
>
>Am I missing something? This vulnerability is close to 10 years old.
>It was in one of the first versions of Solaris after Sun moved off of
>the SunOS BSD platform and over to SysV. It has specifically to do w=
>ith
>how arguments are processed via getopt() if I recall correctly.
You're conf
one mentioned on DSHIELD.
Gadi.
>
> Oliver
>
> -Original Message-
> From: Gadi Evron [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, February 13, 2007 1:46 AM
> To: Oliver Friedrichs
> Cc: bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk
> Subje
On Mon, 12 Feb 2007, Oliver Friedrichs wrote:
>
> Am I missing something? This vulnerability is close to 10 years old.
> It was in one of the first versions of Solaris after Sun moved off of
> the SunOS BSD platform and over to SysV. It has specifically to do with
> how arguments are processed v
: Oliver Friedrichs
Cc: bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk
Subject: RE: Solaris telnet vulnberability - how many on your network?
On Mon, 12 Feb 2007, Oliver Friedrichs wrote:
>
> Am I missing something? This vulnerability is close to 10 years old.
> It was in o
Am I missing something? This vulnerability is close to 10 years old.
It was in one of the first versions of Solaris after Sun moved off of
the SunOS BSD platform and over to SysV. It has specifically to do with
how arguments are processed via getopt() if I recall correctly.
Oliver
-Origin
41 matches
Mail list logo
