Re: Looking for Info

From: Pete Rotheroe (protheroe@paladintek.com)
Date: Mon Jul 29 2002 - 14:42:47 EDT


John,

There is a known buffer overflow in Solaris (pre 8) which would affect 2.6.

See advisory 12/12/01

CERT Advisory CA-2001-34 Buffer Overflow in System V Derived Login

for more details.

Supposedly this vulnerability provides remote root access when correctly
exploited.

I believe Sun provided patches for this issue shortly after the advisory
was issued.

Pete Rotheroe
Paladin Technologies, Inc.

Rovert John F DLVA wrote:

>Greetings
>
> I have what I hope is a simple question.
>
> We are running PVCS Dimensions 6.0 SP2
> from Merant.
>
> I am currently embroiled in a rather heated
> discussion with management about possible
> user threats to the above package.
>
> Does anyone have any experience pen-testing
> this, or know of any attacks that may
> allow root access to the underlying system?
>
> The above is on a Sun Ultra Enterprise
> running Solaris 5.6
>
> Thanks in advance for any information
>
>John F. Rovert
>
>----------------------------------------------------------------------------
>This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
>Service. For more information on SecurityFocus' SIA service which
>automatically alerts you to the latest security vulnerabilities please see:
>https://alerts.securityfocus.com/
>
>




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:23 EDT