Great Circle Associates Firewalls
(August 1994) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: IRIX 5.2 Security Advisory
From: Dave Sill <de5 @ de5 . CTD . ORNL . GOV>
Organization: Oak Ridge National Lab, Oak Ridge, Tenn., USA
Date: Tue, 9 Aug 1994 11:03:04 -0400
To: Steve Kotsopoulos <steve @ ecf . toronto . edu>
Cc: bugtraq @ crimelab . com, firewalls @ GreatCircle . COM
In-reply-to: <94Aug9 . 094422edt . 11795 @ cannon . ecf . toronto . edu>
Newsgroups: comp.sys.sgi.admin, comp.sys.sgi.bugs
References: <Cu3Kx4 . Lty @ ecf . toronto . edu> <94Aug9 . 094422edt . 11795 @ cannon . ecf . toronto . edu> 
Steve Kotsopoulos wrote:
>
>: There is no way to know if someone has exploited the bug. It's such
>: a quiet little hole that it doesn't leave a mark anywhere. You don't
>: even have to logon to exploit it. That's how bad it is.

Wait a minute, they said the bug could be exploited without logging in?
The original notice said:

]A potential vulnerability has been discovered in the IRIX 5.2 operating
]system which would enable an unprivileged user to become an active
]root user.                                ~~~~

So which is it?

Also, here's one I tried to send out while bugtraq was on hiatus.
/usr/sbin/colorview is setuid root and can be used to read any file on
the system (e.g., /etc/shadow) with the "-text" option.  Affects IRIX
5.2 at least.

-Dave
References:
Indexed By Date Previous: Re: spotting PROMISC on Solaris
From: long-morrow @ CS . YALE . EDU (H Morrow Long)
Next: Firewalls related mailing lists
From: mike @ sirius . iotek . ns . ca
Indexed By Thread Previous: Re: IRIX 5.2 Security Advisory
From: Steve Kotsopoulos <steve @ ecf . toronto . edu>
Next: Re: IRIX 5.2 Security Advisory
From: "Jim Littlefield" <little @ ragnarok . hks . com>
Google
 
Search Internet Search www.greatcircle.com