Re: SCO POP remote root exploit

To: BUGTRAQ@xxxxxxxxxxxx
Subject: Re: SCO POP remote root exploit
From: Bela Lubkin <belal@xxxxxxx>
Date: Thu, 16 Jul 1998 16:03:58 -0700
Approved-by: aleph1@DFW.NET
Reply-to: Bela Lubkin <belal@xxxxxxx>
Sender: Bugtraq List <BUGTRAQ@xxxxxxxxxxxx>

A fixed binary is now available in the SCO Security Enhancements
directory on ftp.sco.com:

  ftp://ftp.sco.com/SSE

Get files README and sse013.*.  Check the README for other supplements
that you should also have, depending on your OS release.

The popper fix applies to SCO OpenServer 5.0.0 through 5.0.4, SCO
Internet FastStart 1.0.0 and 1.1.0.  The popper in UnixWare 7 and in
UnixWare 2.x-based Internet FastStart is based on completely different
source and doesn't have this set of problems.

>Bela<

PS: interesting case study.  A friend of mine runs an OSR5 public access
    system.  When this exploit was posted, I immediately broke root on
    his system with it.  I then disabled popper and told him about it.
    He installed a fixed popper binary.  In the succeeding 24 hours,
    syslog showed 5 separate attempts from around the world -- none of
    which succeeded.

    The problem which caused this vulnerability has been well known for
    2-3 weeks.  But until a "no brainer" attack was made available,
    actual attacks weren't happening.

Prev by Date: Re: Verity/Search'97 Security Problems
Next by Date: CIAC Bulletin I-071: OpenVMS loginout Vulnerability
Previous by thread: Re: SCO POP remote root exploit
Next by thread: Finger bounce and DoS still exists in IRIX 6.3 and 6.4
Index(es):
- Date
- Thread