[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20020905191156.Q26925@netsys.com>
From: len at netsys.com (Len Rose)
Subject: [kbelanger@...icon.ca: [VulnWatch] vuln in login under solaris]
This is bullshit. I tested this using Solaris 8 just now.
I tested it with both Solaris 8 sparc and Solaris 8 intel.
How can you let this pass, you're a moderated list.
----- Forwarded message from Keven Belanger <kbelanger@...icon.ca> -----
Received: from vikki.vulnwatch.org ([199.233.98.101])
by netsys.com (8.11.6/8.11.6) with SMTP id g85G2CK19967
for <len@...sys.com>; Thu, 5 Sep 2002 12:02:12 -0400 (EDT)
Received: (qmail 24111 invoked by alias); 5 Sep 2002 16:46:11 -0000
Mailing-List: contact vulnwatch-help@...nwatch.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:vulnwatch@...nwatch.org>
List-Help: <mailto:vulnwatch-help@...nwatch.org>
List-Unsubscribe: <mailto:vulnwatch-unsubscribe@...nwatch.org>
List-Subscribe: <mailto:vulnwatch-subscribe@...nwatch.org>
Delivered-To: mailing list vulnwatch@...nwatch.org
Delivered-To: moderator for vulnwatch@...nwatch.org
Received: (qmail 18991 invoked from network); 5 Sep 2002 16:18:35 -0000
X-Authentication-Warning: avd.Logicon.CA: mail set sender to <kbelanger@...icon.ca> using -f
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C254F1.0C94CFE9"
Date: Thu, 5 Sep 2002 11:29:39 -0400
Message-ID: <E32C9069AF5CBC44ABDDDF0D3E1C0735292143@...-vd-dc01.logicon.ca>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: vuln in login under solaris
Thread-Index: AcJU8QwqfnT+ZTzPTtm8WFZxYxpWuQ==
Sensitivity: Company-Confidential
From: "Keven Belanger" <kbelanger@...icon.ca>
To: <vulnwatch@...nwatch.org>
Subject: [VulnWatch] vuln in login under solaris
Name : Keven Belanger
E-mail : kbelanger@...icon.ca
Phone / fax : (819) 825-8049 x7717
Affiliation and address: Logicon inc.
100, des Distributeurs
Val-d'Or (Quebec)
Canada J9P 6Y1
Have you reported this to the vendor? yes
If so, please let us know whom you've contacted:
Date of your report : September 05, 2002
Vendor contact e-mail : security-alert@....com
CERT have been advised too...
Please describe the vulnerability.
---------------------------------
Unlike other unix based OS, when Solaris authenticate the user it let
the user
came in even if the password is not really "correct" Let me explain:
My username is sysadmin
My password is qwerty
If I log on with sysadmin/qwerty it work
If I log on with sysadmin/qwert123 it work too!
We can add any caracter after the currect password and it work!!
What is the impact of this vulnerability?
----------------------------------------
(For example: local user can gain root/privileged access, intruders
can create root-owned files, denial of service attack, etc.)
a) What is the specific impact:
User can gain root access
b) How would you envision it being used in an attack scenario:
User can gain root access via brute force password attack
If the attacker try 8 caracter brute force attack it will for
for password that have less that 8 caracter too, so it can gain
root access faster.
He don't have to try password with 1, 2, 3, 4... caracteres,
try something beetween 8 and 10 et voila...
System : SUN Solaris
OS version : 8 for Sparc and intel, not tested with other version
Verified/Guessed: Verified
For more infoamtion/explanation call me or write a email
K?ven Belanger
Analyste en solutions de s?curit?
Logicon Inc. - Division S?curit?
819.825.8049 x7717
800.567.6399 x7717
----- End forwarded message -----
Powered by blists - more mailing lists