Bugtraq mailing list archives

Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability

From: mconst () typhoon-ether Berkeley EDU (Michael Constant)
Date: Sun, 30 Jun 1996 06:37:56 -0700

    Exactly which versions of perl are susceptible to this?  I tried
it using /usr/contrib/bin/perl on a BSD/OS 2.0 system as well as
/usr/bin/perl on FreeBSD 2.1/2.2 systems, and none gave a root shell.


Any copy of perl which is setuid root (they're typically named "sperl*"
or "suidperl").  The exploit does work on my FreeBSD 2.1.0-RELEASE system.

        - Michael Constant

Current thread:

Validating email sender, (continued)
- - Validating email sender Brendan McKenna (Jun 30)
    - Re: Validating email sender Squidge (Jun 30)
    - Re: Validating email sender Alan Brown (Jun 30)
    - Re: Validating email sender Casper Dik (Jun 30)
    - portmapper dangers der Mouse (Jun 30)
    - Re: portmapper dangers Julian Assange (Jun 30)
    - Re: portmapper dangers Casper Dik (Jun 30)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Rob J. Nauta (Jun 30)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability James Seng (Jun 30)
  - Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Jon Lewis (Jun 30)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Michael Constant (Jun 30)