ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #378 [Security hole in 386i login] (1 message, 1115 bytes)
NOTICE: securitydigest.org recognises the rights of all third-party works.
START OF DOCUMENT
From: email@example.com (Mike O'Connor)
Date: Wed 12:18:49 12/04/1989 EST
Subject: Security hole in 386i login

The login program supplied by Sun for its 386i machines accepts an argument which bypasses authentication. It was apparently added in order to allow the Sun program "logintool" to do the authentication and have login do the housekeeping. This allows any user who discovers the new argument to the login program to become root a couple of ways. An example of one method is attached.

Our 386is are running version 4.0.1 of Sun OS (SOS). While awaiting a response from Sun we intend to disable logintool and patch the login binary using the "strings" and "adb" method made famous last November. We do not have access to SOS source code and ran across this while attempting to identify another bug in "logintool".

I have sent messages containing more or less the same information as contained above to the security mailing list (4/10 1808 EDT) and to the cert mailbox (4/11 1441 EDT). I have yet to receive a response of any kind. I must admit, I was expecting at least an ACK, if not a RTFM. Has this been reported before? Should I have mailed to different mboxes? Am I out in left field? Come in Rangoon, over.

Mike O'Connor
firstname.lastname@example.org
301-840-4952 | 703-359-0172

ps: Mike Rigsby (email@example.com) tells me that at a 386i SOS administration class he attended, he was informed that this access path was a design feature put in for forgetful administrators but that the class was told to keep it a secret. I find this surprising, if true, since this is the OS that Sun claims "meets the spirit of C2 specifications." Then again, maybe I understand even less of the C2 specs than I thought I did.
END OF DOCUMENT
|ISSN 1742-948X 01 (Online) | 2005/03/01 | Copyright 2002-2008 securitydigest.org. All rights reserved.|