> > 4118295 LC_* can be used to obtain root access from setuid programs > This is already fixed in Solaris 7 and the following patches for > Solaris 2.6: > RELEASE ARCH PATCH > 5.6 i386 105211-06 > 5.6 sparc 105210-06 OK, did I miss the later messages on this topic? I've been waiting for a formal announcement from Sun, or a real patch, or someone to say that this patch definitely fixes the problem, or SOMETHING... I don't know what version of patching Peter was talking about, but right now, I can consistently gain root on my Solaris 7 sparc box, with MU2 applied, using the LC_MESSAGES buffer overflow exploit. And I can consistently do Bad Things to sh on a Solaris 2.6 box with 105210-19 (its a production machine, I can't actively root it). I'm praying I missed something. Did I? -- Brandon Hume - hume -> BOFH.Halifax.NS.Ca, http://WWW.BOFH.Halifax.NS.Ca/ -> Solaris Snob and general NOCMonkey
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:52:16 PDT