Bugtraq mailing list archives
Re: OpenUNIX 8 & Unixware possible local root
From: Scott J <mrbinary () yahoo com>
Date: Thu, 4 Oct 2001 07:23:39 -0700 (PDT)
For whatever reason, it seems that AIX may not be vulnerable. This test performed on a stinky old E30 133 MHz RS/6000, 512 MB "server" (more like a workstation now, and a wimpy one at that). But it's the only thing I could get my hands on to try this exploit(?) I was unable to get dtterm to segfault. This is AIX 4.3.3 with maintenance level of at least 6 applied, more likely 7 or 8. It's a uniprocessor box: lslpp -ha bos.up returns 4.3.3.26 applied & committed. Apologies to Bugtraqqers, I don't have time to try out the entire dt suite o' crap at the moment with the problems that have just cropped up. See details below. myuserid () ourhost01 fq dn [/home/net/myuserid] [0] $ date date Thu Oct 4 08:58:33 EDT 2001 myuserid () ourhost01 fq dn [/home/net/myuserid] [0] $ uname -a uname -a AIX ourhost01 3 4 00299A86C000 myuserid () ourhost01 fq dn [/home/net/myuserid] [0] $ /usr/dt/bin/dtterm -tn `perl -e 'print "A"x23462'` /usr/dt/bin/dtterm -tn `perl -e 'print "A"x23462'` ksh: /usr/dt/bin/dtterm: arg list too long myuserid () ourhost01 fq dn [/home/net/myuserid] [126] $ /usr/dt/bin/dtterm -tn `perl -e 'print "A"x23461'` /usr/dt/bin/dtterm -tn `perl -e 'print "A"x23461'` myuserid () ourhost01 fq dn [/home/net/myuserid] [0] $ ls -al core ls -al core core not found myuserid () ourhost01 fq dn [/home/net/myuserid] [2] $ /usr/dt/bin/dtterm -tn `perl -e 'print "A"x23461'` /usr/dt/bin/dtterm -tn `perl -e 'print "A"x23461'` myuserid () ourhost01 fq dn [/home/net/myuserid] [0] $ ls -al core ls -al core core not found myuserid () ourhost01 fq dn [/home/net/myuserid] [2] $ /usr/dt/bin/dtterm -tn `perl -e 'print "A"x23461'` /usr/dt/bin/dtterm -tn `perl -e 'print "A"x23461'` myuserid () ourhost01 fq dn [/home/net/myuserid] [0] $ ls -al core ls -al core core not found myuserid () ourhost01 fq dn [/home/net/myuserid] [2] $ myuserid () ourhost01 fq dn [/home/net/myuserid] [2] $ ls -al /usr/dt/bin/dtterm ls -al /usr/dt/bin/dtterm -r-sr-xr-x 1 root bin 40756 Jul 13 1999 /usr/dt/bin/dtterm Slán leat agus go n'eirí an bóthar leat. __________________________________________________ Do You Yahoo!? NEW from Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1
Current thread:
- OpenUNIX 8 & Unixware possible local root Aycan Irican (Oct 02)
- Message not available
- Re: OpenUNIX 8 & Unixware possible local root Aycan Irican (Oct 03)
- Message not available
- <Possible follow-ups>
- RE: OpenUNIX 8 & Unixware possible local root Cushing, David (Oct 03)
- Re: OpenUNIX 8 & Unixware possible local root Rob Bartlett - CPRE EMEA (Oct 03)
- Re: OpenUNIX 8 & Unixware possible local root KF (Oct 03)
- RE: OpenUNIX 8 & Unixware possible local root Bob Dog (Oct 03)
- RE: OpenUNIX 8 & Unixware possible local root Bob Dog (Oct 03)
- Re: OpenUNIX 8 & Unixware possible local root ARAI Yuu (Oct 04)
- RE: OpenUNIX 8 & Unixware possible local root Lamont Granquist (Oct 04)
- Re: OpenUNIX 8 & Unixware possible local root Scott J (Oct 04)