Re: IRIX /usr/lib/print/netprint local root symbols exploit.

From: v9at_private
Date: Fri Apr 27 2001 - 12:30:35 PDT

Next message: Linux Mandrake Security Team: "MDKSA-2001:044 - gftp update"

Previous message: Stan: "PerlCal (CGI) show files vulnerability"
Maybe in reply to: v9at_private: "IRIX /usr/lib/print/netprint local root symbols exploit."
Next in thread: Thomas-Martin Kruel: "Re: IRIX /usr/lib/print/netprint local root symbols exploit."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> No news here.
> 
> The author's site indicates that he found the
bug under IRIX 6.2.
> That release of IRIX is around 5 years old.  SGI
released a Security
> Advisory on the netprint issue in December of
1996 which included
> information on a patch which fixes it.  See
SGI's security site at:
> 
>   http://www.sgi.com/support/security/index.html
> 
> I tested the exploit against a current IRIX
release (6.5.11) and found
> it not to be vulnerable.

it is unreleated to the 1996 one, i checked
first... i believe it is exploitable up to just
before that version.  the older one was a bug with
a system() call executing "disable".

Next message: Linux Mandrake Security Team: "MDKSA-2001:044 - gftp update"
Previous message: Stan: "PerlCal (CGI) show files vulnerability"
Maybe in reply to: v9at_private: "IRIX /usr/lib/print/netprint local root symbols exploit."
Next in thread: Thomas-Martin Kruel: "Re: IRIX /usr/lib/print/netprint local root symbols exploit."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 27 2001 - 18:23:49 PDT