Slashdot Mirror


Local Root Vulnerability in passwd(1) on Solaris 8, 9

so-1997-and-1994 writes "There is a new vulnerability in the passwd command on Solaris 8 and 9. Looks like a local user privilege escalation is possible. Patch your systems. This is not the first nor the last time something like this has shown up."

7 of 283 comments

  1. Thanks Tim, here's some spam by utahjazz · Score: 5, Funny

    Sun acknowledges, with thanks, Tim Wort (Tim.Wort@InklingResearch.com) for contacting
    us regarding this issue.


    I'm glad Sun thanked him by publishing his email address on a page now linked directly from the front of Slashdot.

  2. Re:Sigh... by Pond823 · Score: 5, Funny

    It's ok, I already patched it for you ;)

  3. Finally... by EmagGeek · Score: 5, Funny

    Some news for nerds that actually matters... :)

  4. Re:What? How does this make sense? by Anonymous Coward · Score: 5, Funny

    can we please think about these little jabs before tossing them around?

    "Won't somebody please think of the pedants?!"

  5. Intelligent advertising system? by Anonymous Coward · Score: 5, Funny

    When I first ran into this post, an ad of Sun appeared at the top of Slashdot's page which mentioned:
    "SUN MICROSYSTEMS TECHNOLOGY HELPS TAKE YOU PLACES YOU'VE NEVER BEEN BEFORE."

    Places I've never been before... Rootland?

  6. Re:Solution by ratsnapple+tea · Score: 5, Funny

    I wasn't sure whether to believe you at first, so I looked it up and it turns out you weren't kidding! This is just too fucking funny.

    Why GNU su does not support the `wheel' group
    (This section is by Richard Stallman.)

    Sometimes a few of the users try to hold total power over all the rest. For example, in 1984, a few users at the MIT AI lab decided to seize power by changing the operator password on the Twenex system and keeping it secret from everyone else. (I was able to thwart this coup and give power back to the users by patching the kernel, but I wouldn't know how to do that in Unix.)

    However, occasionally the rulers do tell someone. Under the usual su mechanism, once someone learns the root password who sympathizes with the ordinary users, he can tell the rest. The "wheel group" feature would make this impossible, and thus cement the power of the rulers.

    I'm on the side of the masses, not that of the rulers. If you are used to supporting the bosses and sysadmins in whatever they do, you might find this idea strange at first.

    Typical RMS.

  7. Re:solaris bashing? by lewp · Score: 5, Funny

    Sarcasm wasted on clueless reader. Film at eleven.

    --
    Game... blouses.