Re: Solaris2.6,2.7 dtprintinfo exploits

From: Darren J Moffat - Enterprise Services OS Product Support Group (darren.moffatat_private)
Date: Fri May 14 1999 - 07:03:42 PDT

Next message: David F. Skoll: "Clarification: LD_PRELOAD issue"

Previous message: Holt Sorenson: "Re: SunOS 5.6 (X86) lpset vulnerability"
Maybe in reply to: UNYUN@ShadowPenguin: "Solaris2.6,2.7 dtprintinfo exploits"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>"dtprintinfo" is suid program, the stack buffer can be overflowed by '-p'
>option. I made an exploit program that can get root for Intel edition of
>Solaris2.6 and Solaris 2.7.
>Please test it.
>If you test this program, please set DISPLAY environment correctly
>before execution.


This is Sun Bug# 4139394 which has been fixed in the current development
release.  Patches for Solaris 2.6 and Solaris 7 (ie CDE 1.2 and CDE 1.3)
are currently in development.

As an aside there is no indication in any of our databases that you
made any attempt to contact Sun before publishing this publicly, please
give us a chance first.

Thanks

--
Darren J Moffat

Next message: David F. Skoll: "Clarification: LD_PRELOAD issue"
Previous message: Holt Sorenson: "Re: SunOS 5.6 (X86) lpset vulnerability"
Maybe in reply to: UNYUN@ShadowPenguin: "Solaris2.6,2.7 dtprintinfo exploits"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:45:53 PDT