John Mcdonald wrote:
>
> Enclosed is an exploit for a hole in Solaris rdist that I believe the
> patch #105667-01 addresses. That patch is for 2.6. I've personally tested
> the exploit on 2.6, 2.5.1, and 2.5 machines.

I've tested the rdist exploit on a Sparc 20 w/ Solaris 2.6 unpatched, and
it works. It is foiled however by adding "set noexec_user_stack=1" to
/etc/system.

Stack address: 0xefffe748. Safe address: 0xefffe650 (delta 248).
Jumping to address 0xeffff080 B[1024] E[400] SO[2360]
rdist: line 1: : No such file or directory
gilbertat_private> id
uid=1001(gilbert) gid=10(staff)

--
Patrick Gilbert                 +1 (514) 289-2211.6325
Projets Speciaux / Hydro-Quebec gilbertat_private
Montreal (QC), Canada
CC FC E6 B7 20 7D 6A 11 78 FB 59 86 FE BA 9F 73
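
An added example, not part of the original post: a shell check that reports whether an /etc/system-format file actually enables the "set noexec_user_stack=1" setting mentioned above. The function name check_noexec_stack is hypothetical, and the script assumes that a repeated entry is resolved last-wins and that only the values 1 and 0x1 enable the setting.

```shell
#!/bin/sh
# Added example: audit an /etc/system-format file for the non-executable
# user stack setting. check_noexec_stack is a hypothetical helper name.

# check_noexec_stack FILE
# Prints "enabled", "disabled" or "unset"; returns 0 only when enabled.
check_noexec_stack() {
    state=$(awk '
        # Lines starting with "*" or "#" are comments in /etc/system.
        /^[ \t]*[*#]/ { next }
        # Match "set noexec_user_stack=VALUE" (spaces around "=" tolerated).
        # The related noexec_user_stack_log tunable must not match.
        /^[ \t]*set[ \t]+noexec_user_stack[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)   # keep the text after "="
            sub(/[ \t].*$/, "", v)        # drop anything after the value
            # Assumption: when the entry is repeated, the last one wins.
            state = (v == "1" || v == "0x1") ? "enabled" : "disabled"
        }
        END { print (state == "" ? "unset" : state) }
    ' "$1") || return 2
    echo "$state"
    [ "$state" = "enabled" ]
}

# Constructed sample input (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
* constructed /etc/system fragment
* set noexec_user_stack=0
set noexec_user_stack=1
set noexec_user_stack_log=1
EOF
echo "noexec_user_stack: $(check_noexec_stack "$sample")"
rm -f "$sample"
```

On a real host the argument would be /etc/system; the setting is read at boot, so the file's content only reflects the running kernel after a reboot.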