Full Disclosure mailing list archives
RE: Solaris 9/10 ld.so fun
From: "Glenn Pitcher" <Glenn.Pitcher () MedImpact com>
Date: Tue, 5 Jul 2005 13:38:50 -0700
I compiled it using Workshop 10 and it doesn't give me root. I'm on Solaris 9 w/ 112963-18. Also tried using this on a Solaris 8 box and got the same results. bash-2.05$ !cc cc -xarch=v8plus -xcode=pic32 -G -o /tmp/Schily-Root.so /tmp/Schily-Root.c bash-2.05$ !export export LD_AUDIT=/tmp/Schily-Root.so bash-2.05$ su - ld.so.1: su: warning: la_version: can't find symbol ld.so.1: su: warning: /tmp/Schily-Root.so: audit initialization failure: disabled --- Glenn Pitcher IT Security MedImpact Healthcare Systems San Diego, CA 858-790-7479 glenn.pitcher @ medimpact.com
-----Original Message----- From: KF (lists) [mailto:kf_lists () digitalmunition com] Sent: Saturday, July 02, 2005 5:29 PM To: full-disclosure () lists grok org uk Cc: Przemyslaw Frasunek; bugtraq () securityfocus com Subject: Re: [Full-disclosure] Solaris 9/10 ld.so fun Przemyslaw Frasunek wrote:Vulnerability was confirmed by Sun: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101794-1 There are still no patches available, but workaround was proposed.Here is an exploit for Schillix using venglin's mojo. -KF
------------------------------------------------------------------------------ This transmission, together with any attachments, is intended only for the use of those to whom it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any distribution or copying of this transmission is strictly prohibited. If you received this transmission in error, please notify the original sender immediately and delete this message, along with any attachments, from your computer. ============================================================================== _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Solaris 9/10 ld.so fun KF (lists) (Jul 02)
- <Possible follow-ups>
- RE: Solaris 9/10 ld.so fun Glenn Pitcher (Jul 05)