exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

8lgm-15.txt

8lgm-15.txt
Posted Sep 23, 1999

8lgm-15.txt

SHA-256 | 0b635f37c1a6f04b165aeaca3b7fded1a16c6a7acea2a8a233a5cc6cffd5d68d

8lgm-15.txt

Change Mirror Download

This advisory has been sent to:

comp.security.unix

BUGTRAQ <bugtraq@crimelab.com>
CERT/CC <cert@cert.org>
Sun Microsystems <security-alert@sun.com>

===========================================================================
[8lgm]-Advisory-15.UNIX.mail3.28-Nov-1994


PROGRAM:

SunOS 4.1.x binmail(1)

VULNERABLE OS's:

SunOS 4.1.x

PATCHID:

Tested up to SunOS 4.x SMCC Jumbo PATCH, 94/09/13 Patchid 100224-13

DESCRIPTION:

A hole in binmail(1) allows files to be created as root.

IMPACT:

Any user can become root.

REPEAT BY:

Exploit details will not be available.

DISCUSSION:

A flaw in binmail(1) reported to Sun by 8lgm some time ago, has not
been fixed in the the latest patch. (The latest patch does
fix the tmp file and mailbox creation problems successfully).
Using the src for binmail(1) posted to bugtraq, and the diff
for the latest patch provided to 8lgm by Sun to verify their fix,
we have created a secure binmail(1) for SunOS.

However, as both the diff and source for binmail(1) are covered
by copyright, we cannot post this fix.

We are therefore submitting our source to Sun, who we hope can
then supply a secure binmail(1) in the near future.

WORKAROUND & FIX:

1. Contact your vendor for a patch.

2. The current patch for binmail(1) is the most secure fix
available from Sun, so is recommended for use. If your system
is using a port of BSDs mail.local, we recommend continuing the
use of this.

FEEDBACK AND CONTACT INFORMATION:

8lgm-bugs@bagpuss.demon.co.uk (To report security flaws)

8lgm-request@bagpuss.demon.co.uk (Mailing list additions -
processed automatically;
just send any message)

8lgm@bagpuss.demon.co.uk (Everything else)

System Administrators are encouraged to contact us for any
other information they may require about the problems described
in this advisory.

We welcome reports about which platforms this flaw does or does
not exist on.

NB: 8lgm-bugs@bagpuss.demon.co.uk is intended to be used by
people wishing to report which platforms/OS's the bugs in our
advisories are present on. Please do *not* send information on
other bugs to this address - report them to your vendor and/or
comp.security.unix instead.

8LGM MAILING LIST:

Send any message to 8lgm-request@bagpuss.demon.co.uk and the
address you mail from will automatically be added to the list.

If you need to subscribe to an address you cannot mail from
(eg an alias), send mail to 8lgm@bagpuss.demon.co.uk and request
to be added to the list. Due to our mail volume, we appreciate
it if you can use 8lgm-request instead; thus if you need to
subscribe an alias, please look into using, say sendmail -f,
if possible.

8LGM FILESERVER:

All [8LGM] advisories may be obtained via the [8LGM] fileserver.
For details, 'echo help | mail 8lgm-fileserver@bagpuss.demon.co.uk'
===========================================================================

--
-----------------------------------------------------------------------
$ echo help | mail 8lgm-fileserver@bagpuss.demon.co.uk (Fileserver help)
8lgm-bugs@bagpuss.demon.co.uk (To report security flaws)
8lgm-request@bagpuss.demon.co.uk (Request to be added to list)
8lgm@bagpuss.demon.co.uk (General enquiries)


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close