Bugtraq mailing list archives
Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability
From: danny () protocol ece iisc ernet in (DANIEL .D .EZEKIEL)
Date: Mon, 1 Jul 1996 10:03:06 +0500
I've tested perl 5.001 on Linux 1.2.x and IRIX 5.3 and gotten root. Accounts on Solaris 2.5, AIX and BSDI 2.0 systems were not testable as the Solaris and AIX ones had rm'd suidperl and the BSDI one had done a chmod 0000 suidperl...so I assume they were either vulnerable or just paranoid.On Solaris 2.x you won't get suidperl installed unless you lie to configure. Solaris 2.x supports set-uid scripts securely and doesn't need suidperl. (After lying to configure you can build a suidperl which is indeed vulnerable as Solaris 2.x has POSIX saved ids.)
suidperl doesnt give root in solarix ,ultrix sunox as well as epix but works fine for linix1.2.x
Current thread:
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability DANIEL .D .EZEKIEL (Jun 30)
- <Possible follow-ups>
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Patrick (Jul 01)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability martinh () MAILHOST EMAP CO UK (Jul 01)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Henri Karrenbeld (Jul 01)