Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Solaris 9/10 ld.so fun

From: "Glenn Pitcher" <Glenn.Pitcher () MedImpact com>
Date: Tue, 5 Jul 2005 13:38:50 -0700
I compiled it using Workshop 10 and it doesn't give me root.  I'm on Solaris
9 w/ 112963-18.  Also tried using this on a Solaris 8 box and got the same
results.

bash-2.05$ !cc
cc -xarch=v8plus -xcode=pic32 -G -o /tmp/Schily-Root.so /tmp/Schily-Root.c
bash-2.05$ !export
export LD_AUDIT=/tmp/Schily-Root.so
bash-2.05$ su -
ld.so.1: su: warning: la_version: can't find symbol
ld.so.1: su: warning: /tmp/Schily-Root.so: audit initialization failure:
disabled

---
Glenn Pitcher
IT Security
MedImpact Healthcare Systems
San Diego, CA
858-790-7479
glenn.pitcher @ medimpact.com



-----Original Message-----
From: KF (lists) [mailto:kf_lists () digitalmunition com] 
Sent: Saturday, July 02, 2005 5:29 PM
To: full-disclosure () lists grok org uk
Cc: Przemyslaw Frasunek; bugtraq () securityfocus com
Subject: Re: [Full-disclosure] Solaris 9/10 ld.so fun


Przemyslaw Frasunek wrote:


Vulnerability was confirmed by Sun:

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101794-1

There are still no patches available, but workaround was proposed.

 



Here is an exploit for Schillix using venglin's mojo.
-KF




------------------------------------------------------------------------------
This transmission, together with any attachments, is intended only for the use of those to whom it is addressed and may 
contain information that is privileged, confidential, and exempt from disclosure under applicable law.  If you are not 
the intended recipient, you are hereby notified that any distribution or copying of this transmission is strictly 
prohibited.  If you received this transmission in error, please notify the original sender immediately and delete this 
message, along with any attachments, from your computer.
==============================================================================
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: