Bugtraq mailing list archives

Re: Buffer overflows in Solaris 2.6 ufsdump and ufsrestore

From: eugene.bradley () erols com (Eugene Bradley)
Date: Thu, 23 Apr 1998 20:50:53 +0000


I confirmed the segmentation fault for Solaris 2.6 SPARC on a Sun
Ultra Enterprise 2 box running Solaris 2.6 with the current
(4/8) recommended & security patch cluster, plus the following
patches specific to ufsdump and ufsrestore [1]:

105722-01: SunOS 5.6: /usr/lib/fs/ufs/ufsdump patch
105724-01: SunOS 5.6: /usr/lib/fs/ufs/ufsrestore patch

I have an open ticket with SunService on this vulnerability.
Best fix I know of for now:

chmod ug-s /usr/lib/fs/ufs/ufsdump
chmod u-s /usr/lib/fs/ufs/ufsrestore

Unfortunately, my job doesn't use gcc for development, so I was
unable to compile ufsdump.c at all to test for tty or even
root shell exploitation.

--
Eugene Bradley
eugene.bradley () geocities com (Personal ONLY!)
http://www.geocities.com/SiliconValley/Haven/9323/

[1]You need a SunService contract *and* a valid registration at
http://sunsolve.sun.com/sunsolve/contractservices.html to
obtain these patches.

--
Eugene Bradley
eugene.bradley () erols com (Personal ONLY!)
eugenebradley () geocities com (everything else)
http://www.geocities.com/SiliconValley/Haven/9323/

Current thread:

Buffer overflows in Solaris 2.6 ufsdump and ufsrestore Seth McGann (Apr 23)
- Re: Buffer overflows in Solaris 2.6 ufsdump and ufsrestore Jonathan A. Zdziarski (Apr 23)
- <Possible follow-ups>
- Re: Buffer overflows in Solaris 2.6 ufsdump and ufsrestore Eugene Bradley (Apr 23)