security holes in nis+ for solaris 2.5

security holes in nis+ for solaris 2.5

Post by Sahoo Anirud » Fri, 12 Jul 1996 04:00:00



Are there any known security holes in nis+ for solaris 2.5?

 
 
 

security holes in nis+ for solaris 2.5

Post by Paul Ashto » Fri, 12 Jul 1996 04:00:00



> Are there any known security holes in nis+ for solaris 2.5?

Yes
--
Paul

 
 
 

security holes in nis+ for solaris 2.5

Post by Sahoo Anirud » Fri, 12 Jul 1996 04:00:00


Could you please give details about the security holes in nis+ for solaris 2.5.
To be more specific, how can one break into a solaris 2.5 through holes in
nis+? Is there a web site or some such where I can get some info.

 
 
 

security holes in nis+ for solaris 2.5

Post by Christopher L Ter » Fri, 12 Jul 1996 04:00:00


see http://www.eng.auburn.edu/~doug/nis.html

---------------------------


 
 
 

security holes in nis+ for solaris 2.5

Post by Ray W. Hiltbran » Fri, 12 Jul 1996 04:00:00


The problem was with permsisions on NIS+ tables not being
set securly when using nissetup.  Check the cert archive
for the actual advisory.  ftp.cert.org


> Could you please give details about the security holes in nis+ for solaris 2.5.
> To be more specific, how can one break into a solaris 2.5 through holes in
> nis+? Is there a web site or some such where I can get some info.

--

Engineering Network Services
Auburn University     http://www.eng.auburn.edu/~rayh/rayh.html
   If it doesn't do what you want, subclass and override.
 
 
 

security holes in nis+ for solaris 2.5

Post by Paul Ashto » Sat, 13 Jul 1996 04:00:00


I've reported a significant number of flaws to Sun in both the
design and implementation of NIS+ in Solaris, several months
ago. I'm sure they are doing their best to fix them.

I'm also sure that somebody else must be exploiting them out
there somewhere, so I feel pretty bad in sitting on them.

Here's a hint on a couple of the problems:
If you think regularly changing your password is a good idea,
think again.
You cannot set any set of permissions that make you safe from
some form of Crack.
--
Paul

 
 
 

security holes in nis+ for solaris 2.5

Post by Muyi Ch » Thu, 18 Jul 1996 04:00:00


: I've reported a significant number of flaws to Sun in both the
: design and implementation of NIS+ in Solaris, several months
: ago. I'm sure they are doing their best to fix them.

Uh, so WHY NIS+?

I am setting up a new Solaris 2.5 domain, and will it better use the
traditional NIS rather then NIS+ instead?

//muyi

 
 
 

1. best-of-security mailing list (was: Solaris 2.5 Security Hole: local users can get root)

[Followups set to comp.security.unix & misc since the b-o-s mailing list
 is not solaris/sun-specific but covers all UNIX'es and occasionally other
 platforms.]


|No, I won't send out the exploit script - CERT & Sun already have
|copies as does anyone who gets best-of-security mail.

Several people have asked me for more info about this mailing list -

a message body of "subscribe best-of-security".  The list's purpose is
to serve as "the one and only mailing list busy people need to read"
with readers culling the best & most important items from other mailing
lists & security information sources and sending them on to BOS.  (And
it actually operates somewhere near this - there are times when people
have to be reminded that this is *not* a discussion list or a place to
ask questions, but only a place to report information others need to
know.)

There is an archive of the list available at
        http://www.tryc.on.ca/hypermail/security/
but unfortunately it doesn't seem to have been updated recently.

--
_______________________________________________________________________

The Open Computing Facility at the University of California at Berkeley

2. Are we multitasking yet? (JPG 1of1)

3. Solaris 2.5 Security Hole: local users can get root

4. HELP!! Linux Install Problem: Cannot Seek primary hard drive

5. Solaris 2.3 NIS+ Upgrade to Solaris 2.5 NIS+ Question!

6. Wired memory information in Solaris

7. WWWWAIS 2.5 security holes / replacement for WWWWAIS?

8. Is STB video card on Dell 466 supported?

9. In search of Solaris 2.5 Netscape Navigator 3.0 plug ins

10. Reasonable nis security between Solaris & Linux (was Re: Is nis (yp) a security worry?

11. Secure NFS under Solaris 2.5/2.5.1 without NIS/NIS+ ?

12. Solaris 2.3 w/NIS+ Upgrade to 2.5 w/ NIS+ (Master Server)?

13. NIS+ (Solaris 2.5) / NIS Emulation for AIX 3.2.5