Berkeley CSUA MOTD:Entry 45719
Berkeley CSUA MOTD
 
WIKI | FAQ | Tech FAQ
http://csua.com/feed/
2019/07/23 [General] UID:1000 Activity:popular
7/23    

2007/2/12 [Computer/SW/OS/Solaris, Computer/SW/Unix] UID:45719 Activity:nil 75%like:45716 50%like:45722
2/12    Trivial remote root exploit in Solaris 10 and 11.  AWESOME!
        http://isc.sans.org/diary.html?storyid=2220 -dans
2019/07/23 [General] UID:1000 Activity:popular
7/23    

You may also be interested in these entries...
2010/2/8-18 [Computer/SW/Apps, Computer/SW/Apps/Media] UID:53695 Activity:kinda low
2/5     I like Adobe Flash. When written correctly, it scales along
        with your browser size. It looks consistent on every single
        browser. It is predictable. On the other hand, I'm not a big
        fan of CSS/HTML, which for the most part, look wildly different
        between browsers, and don't even work consistently or
        correctly at times. So why do so many people (like Steve Jobs)
	...
2009/10/27-11/3 [Computer/SW/Unix] UID:53475 Activity:nil
10/27   http://www.maxgames.com/play/flash-mind-reader.html
        how does this work?
        \_ sh -c 'for ((i=0;i<10;i++)); do for ((j=0;j<10;j++)); do echo "$i$j-(\
$i+$j)" | bc; done ; done' | uniq
        \_ bash -c 'for ((i=0;i<10;i++)); do for ((j=0;j<10;j++)); do echo "$i$j\
-($i+$j)" | bc; done ; done' | uniq
	...
2009/4/20-23 [Computer/SW/Database] UID:52876 Activity:nil
4/19    ORCL u SUNW = ORCL.
        What is Larry Ellison thinking? What is he going to do with a bunch of
        legacy Sun hardware that no one uses anymore, its fading workstation
        customer base, and open source Sun MySQL that doesn't even generate
        revenue? I really don't get all this acquisition business.
        \_ A lot of big companies still use big, fat Sun hardware. Or use
	...
2009/1/15-23 [Computer/SW/OS/OsX] UID:52398 Activity:nil
1/15    can any serious development be done on OSX that is not *for OSX*.
        i'll grant that ruby on rails has excellent tutorials for the mac.
        discuss:
        \_ What kind of serious development?  If you want to use the standard
           OSX ui then your ui code will be pretty much useless elsewhere,
           but that's why concepts like MVC are so important.  Otherwise
	...
2008/11/29-12/6 [Computer/SW/OS/FreeBSD, Computer/SW/OS/VM] UID:52129 Activity:moderate
11/29   I'm experimenting with virtualization, and as a poor college student
        I'm wondering what the best alternatives for virtualization are, and
        how best to cut my teeth on messing with non-linux platforms (or I
        guess interesting stuff on Linux would work too). Right now I've got
        FreeBSD7 running on KVM on my home computer (on a Core 2 Quad), and am
        somewhat at a loss as to how to use it. (More details: bridged
	...
2008/11/14-26 [Computer/SW/Languages/Java, Computer/SW/OS/Solaris] UID:51970 Activity:moderate
11/13   http://sfgate.com/cgi-bin/article.cgi?f=/n/a/2008/11/14/financial/f051352S72.DTL
        http://preview.tinyurl.com/6nngpm
        Sun Microsystems Inc. plans to cut up to 6,000 jobs, or 18 percent of
        its global work force, as sales of its high-end computer servers have
        collapsed.  The drastic move announced Friday highlights Sun's
        desperation to cut costs and survive as an independent company. Sun's
	...
2008/11/14-26 [Computer/SW/OS/Linux, Computer/SW/OS/Solaris] UID:51989 Activity:moderate
11/14   lulz why doesn't GOOG buy JAVA i mean SUN i mean whatever the hell they
        are these days.
        \_ Even GOOG isn't THAT stupid
           \_ Sorry, but WHY would Google do something like that? They
              run 99.2% Linux servers on the backend. They don't use
              Solaris for development. I mean, what does Sun have to
	...
2008/9/24-29 [Computer/SW/OS/Windows, Computer/SW/OS/Solaris] UID:51283 Activity:nil
9/24    Why is nscd going crazy?  DoS?
        \- back in the solaris say 2.5-2.6 era, it had both some bugs
           (some malformed nis maps made it go crazy) and architectural
           flaws in the IPC/door+threading mechanism. if you are running
           OS-recent, dunno, but you can trace it.
           \_ Yeah, I think it's just buggy.  I've restarted it, and it seems
	...
2008/4/3-9 [Computer/SW/Languages/Misc, Computer/SW/OS/Solaris] UID:49658 Activity:nil
4/3     Solaris experts: I've never played with ZFS. Does it have a native
        dump command a la ufsdump?
        \_ This might be what you are looking for:
           http://preview.tinyurl.com/2xqkda [sun - bigadmin]
	...
2008/3/30-4/6 [Computer/SW/OS/Solaris] UID:49614 Activity:nil
3/30    Question: I just deleted 60 GB of files from an 80 GB disk. The
        disk activity lights were blinking like crazy and I could hear the
        drive crunch while the data was deleted. This is under Solaris.
        Anyway, I think UNIX uses unlink() when files are deleted. Shouldn't
        it just update the free list on the superblock and call it a day?
        What is all the crunching about?
	...
2007/11/27-30 [Computer/SW/Languages/C_Cplusplus, Computer/SW/OS/Solaris] UID:48701 Activity:high
11/27   I'm using select to do a nonblocking check to see if a single socket
        has anything to read off it.  Problem is, I can have up to 12228
        file descriptors, and Linux fd_set only supports up to 4096.  Any idea
        what I can do about this?  (Or a better solution?) -jrleek
        \- 1. who are you
           2. i am busy this week and you didnt mention language
	...
2012/9/20-11/7 [Finance/Investment, Computer/SW/Unix] UID:54482 Activity:nil
9/20    How do I change my shell? chsh says "Cannot change ID to root."
        \_ /usr/bin/chsh does not have the SUID permission set. Without
           being set, it does not successfully change a user's shell.
           Typical newbie sys admin (on soda)
           \_ Actually, it does: -rwsr-xr-x 1 root root 37552 Feb 15  2011 /usr/bin/chsh
	...
2012/9/24-11/7 [Computer/SW/Languages, Computer/SW/Unix] UID:54484 Activity:nil
9/24    How come changing my shell using ldapmodify (chsh doesn't work) doesn't
        work either? ldapsearch and getent show the new shell but I still get
        the old shell on login.
        \_ Scratch that, it magically took my new shell now. WTF?
           \_ probably nscd(8)
	...
2012/4/27-6/4 [Computer/SW/Languages/Misc, Computer/SW/Unix] UID:54372 Activity:nil
4/27    I wrote a little shell script to collect iostat data:
        #!/bin/bash
        DATE=`date +%m%d`
        DATADIR=/var/tmp/user
        OUTPUTFILE=$DATADIR/$DATE.out
        while true
	...
2012/5/8-6/4 [Computer/SW/Unix] UID:54383 Activity:nil
5/8     Hello everyone!  This is Josh Hawn, CSUA Tech VP for Spring 2012.
        About 2 weeks ago, someone brought to my attention that our script
        to periodically merge /etc/motd.public into /etc/motd wasn't
        running.  When I looked into it, the cron daemon was running, but
        there hadn't been any root activity in the log since April 7th.  I
        looked into it for a while, but got lost in other things I was
	...
2012/2/9-3/26 [Computer/SW/Security, Computer/SW/Unix] UID:54305 Activity:nil
2/9     Reminder: support for mail services has been deprecated for *several
        years*. Mail forwarding, specifically .forward mail forwarding, is
        officially supported and was never deprecated.
        \_ There is no .forward under ~root.  How do we mail root and how do
           we get responses?
           \_ root@csua.berkeley.edu is and always has been an alias.
	...
2011/9/14-12/28 [Computer/SW/Unix] UID:54172 Activity:nil
9/12    We've restored CSUA NFS to something vaguely resembling normal
        functionality -- plus, with some luck, we should now have something
        vaguely resembling normal uptime, too!  Ping root@csua.org if you
        notice any problems.  --jordan
--------------------------------------------------------------------------------
        \_  Oh, and http://irc.CSUA.Berkeley.EDU is online again.
	...
2011/10/26-12/6 [Computer/SW/Unix] UID:54202 Activity:nil
10/24  What's an easy way to see if say column 3 of a file matches a list of
       expressions in a file? Basically I want to combine "grep -f <file>"
       to store the patterns and awk's $3 ~ /(AAA|BBB|CCC)/ ... I realize
       I can do this with "egrep -f " and use regexp instead of strings, but
       was wondering if there was some magic way to do this.
       \_ UNIX has no magic. Make a shell script to produce the ask or egrep
	...
2011/6/5-8/27 [Computer/HW/Memory] UID:54127 Activity:nil
6/5     In an effort to stabilize our services, we'll be rebuilding parts of
        the CSUA infrastructure over the course of this summer.  To give us
        some wiggle room, I've temporarily decreased soda's allocated RAM from
        8GB to 2GB.  If you need to run something that requires large amounts
        of memory, please send mail to root@csua.org and we'll try to
        accommodate your request.  --jordan
	...
2011/4/27-7/30 [Computer/SW/Unix, Computer/SW/Security] UID:54096 Activity:nil
4/28    Will wall be fixed?   - jsl
        \_ What's wall?
           \_ An anachronism from a bygone era, when computers were hard to
              comeby, the dorms didn't have net, there was no airbears, and
              when phones didn't come standard with twitter or sms.
           \_ A non useful implementation of twitter.
	...
Cache (1507 bytes)
isc.sans.org/diary.html?storyid=2220
In my opinion NOBODY be should running telnet open to the internet. Versions of Solaris 9 and lower do not appear to have this vulnerability. The issue: The telnet daemon passes switches directly to the login process which looks for a switch that allows root to login to any account without a password. If your telnet daemon is running as root it allows unauthenticated remote logins. org team has recommended using something other then plain text authentication due to potential network monitoring attacks. html "We recognize that the only effective long-term solution to prevent these attacks is by not transmitting reusable clear-text passwords on the network." If remote shell access is required ssh is a better choice then telnet. storyid=1541 The FIX: To disable telnet in solaris 10 or 11 this command should work. svcadm disable telnet The Mitigations: Limit your exposure if you must run telnet on your solaris system it is recommend that you use firewall to limit what IP can connect to your telnet services. Change /etc/default/login add CONSOLE=/dev/console to limit where root can login from. This only prevents direct access to the root account other accounts can still be compromised. telnetd -a user" We have had one report of someone locking themselves out with this so use at your own risk. No special tools are required to exploit this vulnerability. Thanks to Chris and Thomas who notified us of this issue and all the fellow handlers that helped verify, mitigate and review this report.