[VIM] old Solaris ff.core help =)

security curmudgeon jericho at attrition.org
Wed Jun 8 00:39:45 EDT 2005

Hey Casper,

I'm digging into some old vulnerabilities for my work with the Open Source 
Vulnerability Database (OSVDB). I'm currently trying to sort out the old 
Solaris ff.core vulnerabilities and running into some confusion. Since you 
were an active poster to Bugtraq back then and probably have more intimate 
Solaris knowledge than anyone else, I was hoping you could help out.

Depending on how you read the public information, there are potentially 4 

Aug 30, 1994 - Solaris ff.core IFS Variable Privilege Escalation
This is part of patch 101889

Apr 28, 1998 - Solaris ff.core Unspecified Issue
Based on the revisions of 101889, this suggests ff.core was vulnerable 

Jan 7, 1999 - Solaris ff.core Symlink Arbitrary File Modification

I'm 99% sure these are three distinct vulnerabilities in the ff.core 
utility. My real confusion comes from Bugtraq 94/95 traffic, as seen in 
this post:


This is one of a few mentions of "two vulnerabilities in ff.core". Based 
on the date, the Aug 30, 1994 IFS would be one of the two, but I can't 
find record of the second beyond the somewhat cryptic 101889 patch notes 
and several mail list posts.

In short, can you confirm there were two vulnerabilities around 1994/1995 
in ff.core? If so, any hint as to what the second was, or the impact? 
Given the age of the program, I don't think it is letting any serious 
cat out of the bag =) This is purely for a historic perspective on 

Thanks for any help you can provide!


More information about the VIM mailing list