Vulnerability Development mailing list archives
Re: Some work needed
From: White Vampire <whitevampire () mindless com>
Date: Tue, 8 Aug 2000 12:32:48 -0400
On Sun, Aug 06, 2000 at 07:15:15PM -0500, Jonathan Leto(jonathan () leto net) wrote: : Is there any suggested fix for this and have the perl people been notified? There are all sorts of suggested fixes. First of all, simply remove the SUID bit from /usr/bin/suidperl*. If you really need to keep the SUID bit you can use a binary replace as an adequate fix as suggested by Paul Szabo on Bugtraq: cd /usr/local/bin cp -i suidperl suidperl.ORIG perl -pe 's/mail root/NOmailZZZ/' < suidperl.ORIG > suidperl chmod 4711 suidperl One of those two fixes should suit your needs. I suggest reading the Bugtraq archive at http://www.securityfocus.com/ for more information. Regards, -- __ ______ ____ / \ / \ \ / / White Vampire\Rem \ \/\/ /\ Y / http://www.projectgamma.com/ \ / \ / http://www.webfringe.com/ \__/\ / \___/ http://www.gammaforce.org/ \/ "Silly hacker, root is for administrators."
Attachment:
_bin
Description:
Current thread:
- Some work needed Michal Zalewski (Aug 06)
- Re: Some work needed Jonathan Leto (Aug 07)
- Re: Some work needed Michal Zalewski (Aug 08)
- Re: Some work needed White Vampire (Aug 09)
- Re: Some work needed Luis Pinto (Aug 08)
- Re: Some work needed White Vampire (Aug 09)
- Re: Perl exploit (was: Some work needed) Rafal Wojtczuk (Aug 08)
- Re: Some work needed Jonathan Leto (Aug 07)