lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040306153358.GA11398@symantec.bugtraq.org>
From: jdyson at bugtraq.org (Jay D. Dyson)
Subject: Re: [VulnWatch] Sun passwd(1) Command Vulnerability

Chris,

The grammar of this alert has left me somewhat curious, and I was wondering if you could take a moment to clarify a few quick questions from a fan of the l0pht, such as myself.

The vulnerability assessment of this is listed as MEDIUM.  Also, the word may is used, instead of will.  So my questions are as follows:

1) Is a bug that yields local root privilages on a widespread commercial Unix only a medium risk?

2) Was atstake unable to verify whether or not this exploitable, hence the "may be exploitable", instead of "A local unprivileged user can gain unauthorized root privileges."

I often find the grammar used in security advisories and briefs to be confusing, and I'm forced to wonder if the wording is deliberate.  Historically, when security companies have made claims that they could not verify, they have been dealt with in a very public, and very humilitating fashion, so I rather suspect that meticulous care is put in the phrasing without making any brash unverified statements, that could cause such embarassment to said company.

Knowing you, and having the utmost respect for your views on full disclosure and the free exchange of information and ideas, I look forward to your response on this matter.

As I stated earlier, I have always been a big fan of The l0pht - and further that nc.exe has forever changed my life.

Incidently, to all the children out there reading the mailing lists - listening to The Crystal Method is acceptable behavior, but using crystal meth is not.

Chris, I look forward to your speedy reply to this email. 

On Fri, Mar 05, 2004 at 11:21:28AM -0500, Chris Wysopal wrote:
> 
> O-088: Sun passwd(1) Command Vulnerability
> 
> [Sun Alert ID: 57454]
> 
> March 2, 2004 22:00 GMT
> --------------------------------------------------------------------------------
> 
> PROBLEM: The passwd command computes the hash of a password typed at
> run-time or the hash of each password in a list. A vulnerability exists in
> this command.
> 
> PLATFORM: Solaris 8, 9 (SPARC and x86 Platforms)
> 
> DAMAGE:  A local unprivileged user may be able to gain unauthorized root
> privileges due to a security issue involving the passwd(1) command.
> 
> SOLUTION: Install the security patch.
> 
> --------------------------------------------------------------------------------
> 
> VULNERABILITY
> ASSESSMENT: The risk is MEDIUM. A local unprivileged user may be able to
> gain unauthorized root privileges.
> 
> --------------------------------------------------------------------------------
> 
> LINKS:
> 
>   CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/o-088.shtml
> 
>   ORIGINAL BULLETIN: Sun Alert ID: 57454
> http://www.sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57454&zone_32=category%3Asecurity

-- 
- -Jay

   (    (                                                        _______
   ))   ))   .-"There's always time for a good cup of coffee"-.   >====<--.
 C|~~|C|~~| (>------ Jay D. Dyson -- jdyson@...traq.org ------<) |    = |-'
  `--' `--'  `-------- Si latinam satis simiis doces, --------'  `------'
              `--- quandoque unus aliquid profundum dicet ---'
	  


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ