Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability

[patrick () chloe dmv com (Patrick)]

Seems that platform doesn't matter, (even on Irix 5.3 with the option to
not execute suid script files, which took 5 seconds to work-around) but
the version of Perl installed on the system.  Is it version 5.003 that fixes
the problem?

------------------------------------------------------------------------------
Patrick Ferguson - Systems Administrator                      patrick () dmv com
DelMarVa OnLine! - Salisbury, MD

On Sun, 30 Jun 1996, Jon Lewis wrote:

> On Sun, 30 Jun 1996, Andrew Liles wrote:
>
> > >     Exactly which versions of perl are susceptible to this?  I tried
> > > it using /usr/contrib/bin/perl on a BSD/OS 2.0 system as well as
> > > /usr/bin/perl on FreeBSD 2.1/2.2 systems, and none gave a root shell.
> >
> > It seems to work on version 4 and 5 of suidperl. A regular non-suid perl
> > does not have the vulnerability. So far, 3 machines that I have accounts
> > on (all being linux boxes) have yielded root shells, but it seems that
>
> I've tested perl 5.001 on Linux 1.2.x and IRIX 5.3 and gotten root.
> Accounts on Solaris 2.5, AIX and BSDI 2.0 systems were not testable as the
> Solaris and AIX ones had rm'd suidperl and the BSDI one had done a chmod
> 0000 suidperl...so I assume they were either vulnerable or just paranoid.
>
> I didn't bother testing my linux 1.3.x or 2.0.0 boxes, but assumed they
> were vulnerable and upgraded them all to 5.003.
>
> ------------------------------------------------------------------
>  Jon Lewis                      |  Mime attachments are OK
>  jlewis () inorganic5 fdt net      |  But please ask before sending
>  http://inorganic5.fdt.net      |  unsolicited huge files.
> ________Finger jlewis () inorganic5 fdt net for PGP public key_______