Solaris 2.5 x86 aspppd (semi-exploitable-hole) Although initialy when I first saw this hole I thought "noone is realy vunerable", but after seeing how badly aspppd handled my modem line getting dropped (Solaris doesnt down the interface, so you have to either restart aspppd, or do it manualy), I figured some people running scripts that restart aspppd might be. Its relatively simple, in /tmp/ lies .asppp.fifo which is world r/w if aspppd isnt running you simply ln -s /.rhosts /tmp/.asppp.fifo, when root executes aspppd, /.rhosts is opened r/w as a fifo, the second aspppd dies /.rhosts becomes a normal file world r/w. aspppd isnt setuid, so it must be run by root and later killed for any of this to work. Not likely, but if your like me and have a small script to keep up your link, (not anymore) your probably vunerable.