The OpenNET Project
 


SunOS 4.1.4 Patch #105260-01


Date: Thu, 19 Nov 1998 18:39:41 -0800
From: "L. Granquist" <[email protected]>
To: [email protected]
Subject: SunOS 4.1.4 Patch #105260-01

#105260-01 is a patch to SunOS 4.1.4's rlogin program, and the
installation instructions as given are insufficient:

----------------------

Patch Installation Instructions:

1) As root, save a copy of the original file:

   mv /usr/ucb/rlogin /usr/ucb/rlogin.fcs

2) Copy the new file from the patch directory:

   cp rlogin /usr/ucb
   chown root.staff /usr/ucb/rlogin
   chmod 4755 /usr/ucb/rlogin

------------------------

which, of course, leaves rlogin.fcs still suid root and still exploitable.

SunOS 4.x administrators should find the suid binaries on their machines
and look for old binaries that still have suid bits.  If the instructions
from Sun were followed they should be .fcs or .FCS files, but they could
have been named anything by a prior administrator...

find /usr -xdev -type f \( -perm -4000 -o -perm -2000 \) -exec ls -la \{\} \;

passwd, at and sendmail patches may have (or have had at one time) similar
errors in them.


--
Lamont Granquist ([email protected])
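
The audit recommended in the message above, extended to flag set-id files that look like saved copies and to strip the bits from one, as an added example that is not part of the original post. The function names, the STALE/SETID labels, the constructed sample tree and the "remove the last suffix" heuristic are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Names and labels are assumptions.

# audit_setid DIR: list set-uid/set-gid regular files under DIR.
# A file is tagged STALE when it looks like a saved copy of another program:
#   - its name ends in .fcs or .FCS (the suffix used in Sun's instructions), or
#   - heuristic (assumption): removing its last suffix names a file that
#     exists in the same directory, e.g. passwd.old next to passwd.
# Every other set-id file is tagged SETID so the full list still gets reviewed.
audit_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r f; do
        dir=$(dirname "$f")
        base=$(basename "$f")
        stem=${base%.*}
        tag=SETID
        case $base in
            *.fcs|*.FCS) tag=STALE ;;
            ?*.*) if [ -f "$dir/$stem" ]; then tag=STALE; fi ;;
        esac
        echo "$tag $f"
    done
}

# strip_setid FILE: keep the saved copy for rollback, but clear its
# set-uid and set-gid bits so it no longer runs with elevated privilege.
strip_setid() {
    chmod u-s,g-s "$1"
}

# make_sample_tree: build a constructed tree of empty files (not real
# binaries) mirroring the situation in the post, and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/usr/ucb"
    for n in rlogin rlogin.fcs passwd passwd.old at; do
        : > "$t/usr/ucb/$n"
        chmod 4755 "$t/usr/ucb/$n"
    done
    echo "$t"
}

# Run against a directory given on the command line, e.g.: sh audit.sh /usr
if [ "$#" -gt 0 ]; then
    audit_setid "$1"
fi
```

Files tagged STALE are candidates for strip_setid once it is confirmed that nothing still invokes them.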
