SECURITY BUG IN INTERACTIVE UNIX SYSV386
Karl Denninger
kdenning at pcserver2.naitc.com
Wed Feb 13 09:23:41 AEST 1991
In article <KR3NBQQ at dobag.in-berlin.de> lumpi at dobag.in-berlin.de (Joern Lubkoll) writes:
>It was a long process of thoughts about this, but now, after half
>a year of disput with interactive, here it finally is:
>
>--- jl
>
>Hello you at Interactive Systems Coporation !
>
>it seems that your very cute interactive unix System has a nice bug !
>
>EVERYONE you has access to a shell and a compiler or an interactive
>System at home (to upload binaries) CAN BECOME ROOT.
.... details deleted.
I have confirmed this here......
It is a VERY nasty bug. I highly suggest that all of you out there who have
ISC complain immediately to Interactive AND Kodak.
All of the systems here on ISC have coprocessors, so the bug can be worked
around. Those of you without coprocessors are hosed, folks. Yes, you too
can really become root in a few minutes.....
Needless to say, I am most disappointed with ISC on this one. I am even
more disappointed with the apparent fact that they seem to have known about
this for quite some time, and ignored it.
Well, now it can't be ignored.
--
Karl Denninger - AC Nielsen, Bannockburn IL (708) 317-3285
kdenning at nis.naitc.com
"The most dangerous command on any computer is the carriage return."
Disclaimer: The opinions here are solely mine and may or may not reflect
those of the company.
More information about the Comp.unix.sysv386
mailing list