Message-ID: <45DC55BA.7050208@adap.org>
Date: Wed, 21 Feb 2007 09:22:50 -0500
From: Edsel Adap <edsel@...p.org>
To: Nate Eldredge <nge@...hmc.edu>
Cc: Michael Wojcik <Michael.Wojcik@...rofocus.com>,
bugtraq@...urityfocus.com
Subject: Re: Solaris telnet vulnberability - how many on your network?
Nate Eldredge wrote:
> I have now set up a virtual Solaris 8 box to test this with root access,
> and it appears you are correct. When run as root, "login -f root"
> presents a login prompt, just like login without arguments. So it is
> not "supported" in the sense of having the Solaris 10 documented behavior.
I tested this as well on a Solaris 8 box. I did not get the behavior
you described.

# uname -a
SunOS skyhawk 5.8 Generic_108528-29 sun4u sparc SUNW,Sun-Blade-100
# /bin/login -froot
Not on system console

As you can see, it did not prompt me for a password. Obviously the -f
option is recognized and its semantics are implemented.

However, telnet could not be used to exploit it in the same way as Solaris
10 was exploited.

> Using "strings" to look at the getopt option list reveals that an
> undocumented "-a" option also exists. I don't know what it does,
> either. More material for the backdoor conspiracy theorists, I suppose.
> Fortunately there doesn't appear to be a "-nsakey" option.
As far as the -a option, it does not do anything. The OpenSolaris
source says:

    case 'a':
        break;

I'm guessing that this behavior is left over from the older versions of
Solaris.

--
Edsel Adap
edsel@...p.org
http://www.adap.org/~edsel/ LINUX - the choice of the GNU
generation