[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: /usr/bin/solstice under solaris 5.5
From:       Casper Dik <casper () holland ! Sun ! COM>
Date:       1996-10-19 11:28:11
[Download RAW message or body]

>/usr/bin/solstice is a program launcher under solaris 2.5
>Unfortunately, for some reason, it is distributed set-gid bin,
>and politely launches any programs without revoking this.
>The exploit:


This is a well known bug which has already been discussed here at length.
/usr/bin/solstice was first shipped with SOlaris 2.5/SunOS 5.5 so older
versions are not at risk.

These patches fix the bug, alternatively you can just remove the set-gid bit.

103245-07: Solaris 2.5_x86: admintool patch
103247-07: SunOS 5.5: admintool patch
103558-05: SunOS 5.5.1: admintool fixes for security and missing swmtool options
103559-05: SunOS 5.5.1_x86: admintool fixes for security/missing swmtool options
103560-05: SunOS 5.5.1_ppc: admintool fixes for security/missing swmtool options

[prev in list] [next in list] [prev in thread] [next in thread]