solaris7.ff.core.txt

1999-08-17T00:00:00
ID PACKETSTORM:12077
Type packetstorm
Reporter Packet Storm
Modified 1999-08-17T00:00:00

Description

                                        
                                            `Date: Wed, 7 Apr 1999 22:11:03 -0700  
From: Russell Van Tassell <russell@CSCORP.COM>  
To: BUGTRAQ@netspace.org  
Subject: Solaris7 and ff.core  
  
Forgive me as I just started playing with Solaris 7 and don't recall  
seeing this yet posted to Bugtraq.  
  
It would appear as though an old bug with the OpenWeirdos File Mangler  
has crept up again in Solaris 7 (I believe patch 106222-01 was supposed  
to fix it back in Solaris 2.6 (and 106224-01 in Solaris 2.5.1)). Very  
basically, using ff.core it is possible for a normal user to overwrite  
arbitrary files on the system (that would include things like /etc/shadow)  
and do serious damage to the system (I will leave that exercise to the  
reader).  
  
Admins should remove the setuid and setgid bits from ff.core.  
  
Regards,  
Russell  
  
  
--  
Russell M. Van Tassell  
russell@cscorp.com  
  
-------------------------------------------------------------------------  
  
Date: Thu, 8 Apr 1999 11:05:48 -0700  
From: Stefan Molnar <stefan@csudsu.com>  
To: BUGTRAQ@netspace.org  
Subject: Re: Solaris7 and ff.core  
  
That bug has never been truly fixed. It should be fixed by Solaris  
7 5/99 (hw2). Just taking changeing the permissions on /vol will  
also fix the problem. chmod a-w /vol/*  
  
Stefan  
  
`