ufsdump problem under Solaris 2.6 with ufs.c

From: posix (furyat_private)
Date: Mon Sep 27 1999 - 14:59:49 PDT

Next message: Eric Daniel: "Re: LD_PROFILE local root exploit for solaris 2.6"

Previous message: Matt Wilson: "Re: Linux GNOME exploit"
Next in thread: Carson Gaspar: "Re: ufsdump problem under Solaris 2.6 with ufs.c"
Reply: Carson Gaspar: "Re: ufsdump problem under Solaris 2.6 with ufs.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

A while ago somebody posted source for an exploit using ufsdump under
Solaris 2.x. ( ufs.c )

I checked out Sun's site and looked for which patches were released to
correct this problem. All of them appear to be for Solaris 2.5.1.

We have applied the latest cluster patch on this new box
( 2.6_Recommended.tar Sep 15/99 ) ( after a fresh install of Solaris ),
yet ufsdump still is exploitable on this system.

Was there a patch to fix this problem under 2.6?
( other than turning off the setUID bit )

Many thanx in advance...

----
Richard Stride
"Fear conquers understanding. Understanding conquers fear"

Next message: Eric Daniel: "Re: LD_PROFILE local root exploit for solaris 2.6"
Previous message: Matt Wilson: "Re: Linux GNOME exploit"
Next in thread: Carson Gaspar: "Re: ufsdump problem under Solaris 2.6 with ufs.c"
Reply: Carson Gaspar: "Re: ufsdump problem under Solaris 2.6 with ufs.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:05:34 PDT