Digital Unix 4.0 through 4.0D w/BL11 (aka patch kit 3) does not appear to be vulnerable to this problem. Tested with: % cat > lpstat echo "system for lpprn: server.com" ^D % chmod 755 lpstat % setenv PATH .:$PATH % /usr/dt/bin/dtprintinfo -p `perl -e '{ print "A" x 10000 }'` On Mon, 10 May 1999, UNYUN@ShadowPenguin wrote: > "dtprintinfo" is suid program, the stack buffer can be overflowed by '-p' > option. I made an exploit program that can get root for Intel edition of > Solaris2.6 and Solaris 2.7. -- Lamont Granquist lamontgat_private Dept. of Molecular Biotechnology (206)616-5735 fax: (206)685-7344 Box 352145 / University of Washington / Seattle, WA 98195 PGP pubkey: finger lamontgat_private | pgp -fka
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:45:32 PDT