Merit Joint Technical Staff
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: SunOS 4.1.1 Security hole
- From: Mark Knopper
- Date: Wed Sep 11 00:25:42 1991
I have sent a query to the CERT (computer emergency response team)
at Carnegie Mellon University to find out if this is a known problem
and if steps are being taken to resolve this. Presumably it should
be known throughout the internet community, people should know how
to edit this file to avoid the problem, and Sun should be convinced
to stop releasing their system this way in new releases. I'll let
you know if they respond.
Mark
> From: "Larry J. Blunk" <ljb@merit.edu>
> To: mts@merit.edu
>
>
> There is a serious security hole in SunOS 4.1.1 (and 4.1 I think)
> relating to the initial state of the /etc/hosts.equiv file. I was able to
> break into a number of Suns on MichNet because this file had not
> been changed. To fix this problem, you need to make sure that you do
> not have a '+' alone on a line in the /etc/hosts.equiv file.
>
> Larry J. Blunk
> Merit Network, Inc.
>
- - - - - - - - - - - - - - - - -
|
