UPDATE: Security hole in Solaris 9 - FALSE

From: Pete (pete@peteland.org)
Date: Thu Apr 03 2003 - 14:13:38 EST

• Next message: Sun Consultant: "Scanning Software for Solaris"
• Previous message: Aaron M. Hirsch: "autofs + cachefs quandry"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

All.

My sincerest apologies about my post. There is no bug - turns out, I
didn't realize this (from man passwd)

 Passwords must be constructed to meet the following require-
     ments:

        o Each password must have PASSLENGTH characters, where
           PASSLENGTH is defined in /etc/default/passwd and is
           set to 6. Only the first eight characters are signifi-
           cant.

And I was shocked when a password exceeding that could be changed
around a bit and one could still gain access to the root account.

Once again, my apologies.

- Peter
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

• Next message: Sun Consultant: "Scanning Software for Solaris"
• Previous message: Aaron M. Hirsch: "autofs + cachefs quandry"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:26:07 EDT