The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: Zardoz 'Security Digest' - Archives (1989 - 1991)
DOCUMENT: Zardoz 'Security Digest' V1 #18 1989-04-13 (1 file, 1340 bytes)
SOURCE: http://securitydigest.org/exec/display?f=zardoz/archive/118.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT


Date: Thu, 13 Apr 89 17:45:31 PDT
Subject: Security Digest V1 #18

Security Digest Volume 1 Issue 18

subject(s):

            SUN386i login bug
            Risk to Sun 386i users (Taken from Sun-nets mailing list)
            Security hole in 386i login
            possible loss of postings

------------------------------------------------------------------------

Date: Thu, 13 Apr 89 16:47:37 PDT
From: neil (Neil Gorsuch)
Subject: SUN386i login bug

[sent from jmc@ptsfa.PacBell.COM (Jerry Carlin), I had to re-post the
message because of an error on this system, see next message - neil]

The following is from comp.risks. I was 'daemon' in two minutes after
starting to look around so finding the bug is easy. Its time to bash SUN
for putting in such a trap door.

------------------------------
RISKS-LIST: RISKS-FORUM Digest  Wednesday 12 April 1989   Volume 8 : Issue 55
------------------------------
Subject: Risk to Sun 386i users (Taken from Sun-nets mailing list)

DISCLAIMER: I merely receive Sun-nets because I am assistant admin here.
I have no way to verify the accuracy of this report, but thought it
should be distributed.  People wanting more information should contact
Mike O'Conner directly.             --Alan Wexelblat

From: oconnor@sccgate.scc.com (Mike O'Connor)
Subject: Security hole in 386i login

The login program supplied by Sun for its 386i machines accepts an argument
which bypasses authentication.  It was apparently added in order to allow
the Sun program "logintool" to do the authentication and have login do the
housekeeping.  This allows any user who discovers the new argument to the
login program to become root a couple of ways.

ps:  Mike Rigsby (rigsby@ctc.contel.com) tells me that at a 386i SOS
     administration class he attended, he was informed that this access path
     was a design feature put in for forgetful administrators but that the
     class was told to keep it a secret.  I find this surprising, if true,
     since this is the OS that Sun claims "meets the spirit of C2
     specifications."  Then again, maybe I understand even less of the C2
     specs than I thought I did.

------------------------------------------------------------------------

Date: Thu, 13 Apr 89 16:54:43 PDT
From: neil (Neil Gorsuch)
Subject: possible loss of postings

[ I upgraded this system to Sunos 4.0 over the weekend, and just noticed
that some of postings to security-request and security might have been
lost due to a mailer error.  If you sent anything to security-request
in the last two weeks that has not been answered, it would probably be a good
idea to send it again.  Likewise, if you posted anything to security
in the last two weeks, and don't see it in this digest, please send it
again. - neil ]

------------------------------------------------------------------------

        End of Security Digest Volume 1 Issue 18
        **********************


END OF DOCUMENT