Bugtraq mailing list archives
Re: Question on Solaris LC_MESSAGES libc exploit
From: darren.moffat () UK SUN COM (Darren J Moffat - Sun Enterprise Services UK)
Date: Tue, 17 Aug 1999 09:43:29 +0100
A previous message stated that the LC_MESSAGES bug in Solaris has been fixed in 7. However, I am still able to gain root with the below code on Sparc Solaris 7 5/99 Release boxes with MU2 and 7_Recommended patch set installed (offset 7152 gets root for me). Has there been a patch released for Solaris 7 that addresses this? Thanks for any help.
The fix for this will be included in the following 3 patches: 106541-06 Solaris 7 Kernel Update 106793-03 ufsdump and ufsrestore patch 107972-01 /usr/sbin/static/rcp patch These patches have not yet been released officially. If you have a service contract they you can get a pre-release version from Sun Enterprise Services. We expect the patches will be released officially very soon. Why was there such a long delay ? The fix for LC_MESSAGES requires changes to the static and dynamic versions of libc. In Solaris 7 libc is part of the kernel update due to intimate changes that effected both the kernel and libc in an early release of the kernel update patch. Sun does a lot of regression testing and other QA cyles on the kernel update patches before they are released. Unfortunatly the 5/99 release and the corresponding kernel update patch were to far along the line to include the LC_MESSAGES fix in that release. We are currently investigating if there are ways we can improve the release time for security fixes when we have complex patch dependancies and QA release cycles. -- Darren J Moffat
Current thread:
- Question on Solaris LC_MESSAGES libc exploit Viraj Alankar (Aug 15)
- <Possible follow-ups>
- Re: Question on Solaris LC_MESSAGES libc exploit Darren J Moffat - Sun Enterprise Services UK (Aug 17)
- Re: Question on Solaris LC_MESSAGES libc exploit acpizer (Aug 17)