SECURITY BUG IN INTERACTIVE UNIX SYSV386
Joern Lubkoll
lumpi at dobag.in-berlin.de
Wed Feb 13 09:52:49 AEST 1991
marc at jahangir.UUCP (Marc Rossner) writes:
>> In article <1991Feb11.184130.11321 at jwt.UUCP> john at jwt.UUCP (John Temples) writes:
>> >Yikes. This also works on ESIX-D without a coprocessor, and on ISC 2.0.2
>> >*with* a coprocessor. It failed on Microport 2.2 with a coprocessor.
>> >Now, the question is, what do we do to protect ourselves in the meantime?
>Works like a charm on ISC 2.2 with a 486 -- good thing the only people
>over here that read this newsgroup already know the root password.
>"Feature", indeed! Hope ISC hears a lot about this, if anyone can ever
>get past the 15 minutes it takes their telephone guy to locate you in his
>files before he'll let you discuss anything real.
Set UAREAUS and UAREARW to zero and it won't work any more !
But this works onlu on ISC 2.2 and not on 2.02. No 2.02 system can be
protected !
jl
--
lumpi at dobag.in-berlin.de -- "Nothing is the complete absence of everything."
More information about the Comp.unix.sysv386
mailing list