Bugtraq mailing list archives
Re: Solaris 7 x86 lpset exploit.
From: jor () FM RZ FH-MUENCHEN DE (Jor)
Date: Thu, 27 Apr 2000 09:36:54 +0200
On Wed, Apr 26, 2000 at 03:51:19PM -0400, Andrew Brown wrote:
There is a sparc version avail for this bug, the bug was discovered by duke some time ago.just for people who don't know...or have forgotten...putting this: set noexec_user_stack = 1 set noexec_user_stack_log = 1 in your /etc/system file protects you against this. it doesn't fix the bug, but it stops the effects from being quite so "bad".
And for all those who cannot afford to reboot their servers very often, but want the same protection: echo "noexec_user_stack/W 0x1" | adb -wk /dev/ksyms /dev/mem echo "noexec_user_stack_log/W 0x1" | adb -wk /dev/ksyms /dev/mem This will change the running kernel. (i.e. no reboot required) but dont forget to put the above lines in yout /etc/system ;) another note: while this seem to have very litle negative effect on all solaris/sparc app's i have used so far, there is a reason, why SUN does enable stack execution by default, if i am correctly informed this is due to some fortran or rare/old compiler issue, and might break some fortran or other alien language code... Thats probably what the second line (noexec_user_stack_log) is for, to see in your kernel-log's when this caused a program to fail. So, first try this out on a test machine before doing it on the production machine! hoever, the echo ... |adb methode can be used to switch back to original operation w/o reboot ;) i hope this helps some... Juergen -- Juergen P. Meier email: jpm () class de Class GmbH Firmengruppe phone: +49 172 8379103
Current thread:
- Re: Solaris 7 x86 lpset exploit., (continued)
- Re: Solaris 7 x86 lpset exploit. Laurent LEVIER (Apr 24)
- Re: Solaris 7 x86 lpset exploit. Theodor Ragnar Gislason (Apr 25)
- Re: Solaris 7 x86 lpset exploit. Andrew Brown (Apr 26)
- Modifying NT credential and RAZOR's analysis of dvwsrr.dll Iván Arce (Apr 26)
- Re: Solaris 7 x86 lpset exploit. Len Rose (Apr 26)
- Re: Solaris 7 x86 lpset exploit. Eugene Ilchenko (Apr 26)
- Cisco HTTP possible bug: Keith Woodworth (Apr 26)
- Alert: Cart32 secret password backdoor (CISADV000427) Cerberus Security Team (Apr 26)
- Re: Alert: Cart32 secret password backdoor (CISADV000427) Bill Borton (Apr 28)
- Re: Alert: Cart32 secret password backdoor (CISADV000427) Knud Erik Højgaard (Mar 30)
- Re: Solaris 7 x86 lpset exploit. Laurent LEVIER (Apr 24)
- Re: Solaris 7 x86 lpset exploit. Jor (Apr 27)
- Re: Solaris 7 x86 lpset exploit. Casper Dik (Apr 28)
- Re: piranha default password/exploit Cristian Gafton (Apr 25)
- Re: piranha default password/exploit CDI (Apr 25)
- Re: piranha default password/exploit Matt Wilson (Apr 26)
- fingerd Psarras Nikos (Apr 27)
- Re: fingerd Brock Sides (Apr 27)