Bugtraq mailing list archives
Re: solaris 2.x rdist exploit/ too many humbles :P
From: gilbert () ALLEYCAT VPI HYDRO QC CA (gilbert () ALLEYCAT VPI HYDRO QC CA)
Date: Fri, 14 Aug 1998 12:07:46 -0400
John Mcdonald wrote:
Enclosed is an exploit for a hole in Solaris rdist that I believe the patch #105667-01 adresses. That patch is for 2.6. I've personally tested the exploit on 2.6, 2.5.1, and 2.5 machines.
I've tested the rdist exploit on a Sparc 20 w/ Solaris 2.6 unpatched, and it works. It is foiled however by adding "set noexec_user_stack=1" to /etc/system. Stack address: 0xefffe748. Safe address: 0xefffe650 (delta 248). Jumping to address 0xeffff080 B[1024] E[400] SO[2360] rdist: line 1: : No such file or directory gilbert () alleycat vpi hydro qc ca> id uid=1001(gilbert) gid=10(staff) -- Patrick Gilbert +1 (514) 289-2211.6325 Projets Speciaux / Hydro-Quebec gilbert () alleycat vpi hydro qc ca Montreal (QC), Canada CC FC E6 B7 20 7D 6A 11 78 FB 59 86 FE BA 9F 73
Current thread:
- Re: solaris 2.x rdist exploit/ too many humbles :P gilbert () ALLEYCAT VPI HYDRO QC CA (Aug 14)
- Re: solaris 2.x rdist exploit/ too many humbles :P Casper Dik (Aug 14)
- crashme on SGI O2 running 6.3 Igor Schein (Aug 14)
- [micq] ICQ Hole (fwd) The big-dog (Aug 14)
- MySQL DoS ? Phear Me (Aug 14)
- Re: MySQL DoS ? Pablo Luis Bucich (Aug 15)