Bugtraq mailing list archives

Re: More fun with Solaris and network config ioctls

From: milun () CS BUFFALO EDU (Davin Milun)
Date: Tue, 12 Aug 1997 09:29:47 -0400

From owner-bugtraq () NETSPACE ORG Tue Aug 12 07:45 EDT 1997
Date:         Thu, 7 Aug 1997 15:57:45 +0100
From: Alan Cox <alan () CYMRU NET>
Subject:      More fun with Solaris and network config ioctls
To: BUGTRAQ () NETSPACE ORG

Bored of downing interfaces, ever wondered what else you could do with the
year old Solaris hole. Well since I've seen no great sign of life from Sun
lets do a little bit of demonstrating


As I reported to bugtraq on July 3, Patch 103093-13 (Solaris 2.5 SPARC)
fixes (among others) this problem:
1238582 privileged ifconfig ioctls by normal user succeed on sockets created as root

And your current exploit does not work on a Solaris 2.5 system with
103093-13 (or later) applied.

However, there does not seem to be an equivalent fix for Solaris 2.5.1 !!

Davin.
--
Davin Milun    Internet:  milun () cs Buffalo EDU     milun () acm org
               Fax:       (716) 645-3464
               WWW:       http://www.cs.buffalo.edu/~milun/

Current thread:

More fun with Solaris and network config ioctls Alan Cox (Aug 07)
- <Possible follow-ups>
- Re: More fun with Solaris and network config ioctls Davin Milun (Aug 12)