Bugtraq mailing list archives
Re: Immunity Advisory: Solaris local kernel root
From: Casper Dik <casper () holland sun com>
Date: Wed, 24 Mar 2004 11:34:28 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Immunity Research has released an Advisory from the Vulnerability Sharing Club into the public domain. This advisory can be found at http://www.immunitysec.com/downloads/solaris_kernel_vfs.sxw.pdf Technical Summary: There is a vulnerability in Solaris that allows local users to load kernel modules without being root. This is handy for getting around things like Argus Pitbull (if it still existed) or Okena or Entercept or anything like that, or simply for just taking root. An exploit for this was released as part of the Shellcoder's Handbook. There is a Solaris patch that appears to make this exploit ineffective. http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57479&zone_32=category%3Asecurity
I wonder why you even bother publishing this; at the time the document claims to have been written, half the listed Solaris revisions had already patches out for them; Solaris 10, which technically doesn't exist yet, had the bug already fixed in its most recent Solaris Express builds. But thanks for including the reference to the Sun Alert; that should prevent this from being to large a blip on the SunService radar screen. Casper
Current thread:
- Immunity Advisory: Solaris local kernel root Dave Aitel (Mar 23)
- Re: Immunity Advisory: Solaris local kernel root Casper Dik (Mar 24)
- Re: Immunity Advisory: Solaris local kernel root Dave Aitel (Mar 25)
- Re: Immunity Advisory: Solaris local kernel root Casper Dik (Mar 25)
- Re: Immunity Advisory: Solaris local kernel root Dave Aitel (Mar 25)
- Re: Immunity Advisory: Solaris local kernel root Dave Aitel (Mar 25)
- Re: Immunity Advisory: Solaris local kernel root Casper Dik (Mar 24)