lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200702132015.l1DKFbrN029667@vaticaan.holland.sun.com>
Date: Tue, 13 Feb 2007 21:15:37 +0100
From: Casper.Dik@....COM
To: Michael Wojcik <Michael.Wojcik@...rofocus.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: [BLACKLIST] [Full-disclosure] Solaris telnet vulnberability - how many on yournetwork? 


>It's a bug.  I recall it being found and fixed in AIX many years ago.
>Embarassing for Sun that it's still in Solaris, though.

It's not "still" in Solaris; it's the first time it occurred in
Solaris; it is stupid it did but it's a typical programming error:
passing unchecked arguments to a program without escaping special
characters.

>A quick Google search found Usenet postings about it from 1994; I'm sure
>it was known well before then.

As far as I remember, the "-f" option to login was a BSDism (4.4?);
it did not exist in platforms derived from earlier BSDs when it came
to rlogin/rshd.

The original rlogind would either run the protocol in in.rlogind and
skip login or the protocol was implemented in login itself.

Later, the protocol processing was put in rlogind but it always went
through login.

This code then was reimplemented by an IBM employee in AIX and later
also, by the same person, for Linux, giving rise to the first occurrence
of the -froot bug.

Solaris did add the -f option to login much later but it wasn't
until a complete integration of ktelnet was done that this bug arose
in Solaris 10.

It's just a very usual (and unfortunate) reimplementation of the same bug.

Casper

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ