Re: Sun Solaris login bug patches out

From: Taylor Huff (thuff@raytheon.com)
Date: 12/20/01


Date: Thu, 20 Dec 2001 14:49:36 -0500
From: Taylor Huff <thuff@raytheon.com>
To: John Nemeth <jnemeth@victoria.tc.ca>

You could use the nessus "binlogin_overflow_telnet.nasl" script to verify
if your system is vulnerable. Also a quick way to check for SysV option
capabilities is to type "login", then enter "root testenv1=test" at the
login: prompt. Supply your root passwd, and look for the "testenv1"
environment variable. If it is set, then your copy of /bin/login supports
SysV options, and is probably
vulnerable.

http://www.nessus.org/nasl/binlogin_overflow_telnet.nasl

v/r
Taylor

John Nemeth wrote:

> On May 11, 6:11am, "Kain, Becki (B.)" wrote:
> }
> } Not to sound doomish, but once we've applied these patches, is there
> } a test we can do to see if the vulnerability is gone?
>
> Have you received any answers? I'm actually looking for an
> exploit test for another reason. There has been no discussion about
> whether machines running SunOS 5.5 or older are vulnerable. However, I
> find it highly unlikely that SunOS 5.5 wouldn't be vulnerable when
> SunOS 5.5.1 is, since 5.5 does have the /bin/login env var feature.
> The lack of official comment makes me think that perhaps 5.5 has
> reached EOSL (although, I haven't seen any comments to that effect
> either).
>
> }-- End of excerpt from "Kain, Becki (B.)"