Great Circle Associates Firewalls
(August 1994) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: IRIX 5.2 Security Advisory
From: "Jim Littlefield" <little @ ragnarok . hks . com>
Date: Tue, 9 Aug 1994 16:57:11 -0400
To: Dave Sill <de5 @ de5 . CTD . ORNL . GOV>, Steve Kotsopoulos <steve @ ecf . toronto . edu>
Cc: bugtraq @ crimelab . com, firewalls @ GreatCircle . COM
In-reply-to: Dave Sill <de5 @ de5 . CTD . ORNL . GOV> "Re: IRIX 5.2 Security Advisory" (Aug 9, 11:03am)
References: <Cu3Kx4 . Lty @ ecf . toronto . edu> <94Aug9 . 094422edt . 11795 @ cannon . ecf . toronto . edu> <199408091503 . LAA27299 @ de5 . CTD . ORNL . GOV> 
On Aug 9, 11:03am, Dave Sill wrote:
: Steve Kotsopoulos wrote:
: >
: >: There is no way to know if someone has exploited the bug. It's such
: >: a quiet little hole that it doesn't leave a mark anywhere. You don't
: >: even have to logon to exploit it. That's how bad it is.
:
: Wait a minute, they said the bug could be exploited without logging in?

Seems possible. The xdm login window has a "Help" button. I assume that the
hole is accessed via the help window.

-- 

Jim Littlefield  <little @
 hks .
 com>      I prefer caffeine free, clear, diet Jolt.
Follow-Ups:
References:
Indexed By Date Previous: Re: IRIX 5.2 Security Advisory
From: max @ gac . edu
Next: Re: Right firewall platform
From: Michael Ellis <mkellis @ ritz . mordor . com>
Indexed By Thread Previous: Re: IRIX 5.2 Security Advisory
From: Dave Sill <de5 @ de5 . CTD . ORNL . GOV>
Next: IRIX 5.2 Security Advisory - Mystery Solved
From: Paul Walmsley <ccshag @ sgi2 . phlab . missouri . edu>
Google
 
Search Internet Search www.greatcircle.com