RE: Solaris 9/10 ld.so fun

["Charles Heselton" <charles.heselton () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I did the same.  Patchrm-ed 112963-19 to -12.  It still works for me.

Uname -a :

SunOS cf-node000 5.9 Generic_118558-09 sun4u sparc SUNW,Ultra-1

- --
- - Charlie
 
5A27 58D2 C791 8769 D4A4  F316 7BF8 D1F6 4829 EDCF
 
 
 

> -----Original Message-----
> From: full-disclosure-bounces () lists grok org uk 
> [mailto:full-disclosure-bounces () lists grok org uk] On Behalf 
> Of Piotr KUCHARSKI
> Sent: Tuesday, June 28, 2005 10:49 AM
> To: Przemyslaw Frasunek
> Cc: full-disclosure () lists grok org uk; bugtraq () securityfocus com
> Subject: Re: [Full-disclosure] Solaris 9/10 ld.so fun
>
> On Tue, Jun 28, 2005 at 06:17:02PM +0200, Przemyslaw Frasunek
> wrote: 
> > This vulnerability was introduced by one of the recent 
> patches for Solaris 9,
> > possibly 112963. Ld.so patched with 112963-08 is not 
> vulnerable -- it does
> > not allow LD_AUDIT for set[ug]id binaries, but upgrading to 
> 112963-16
> > definitly makes ld.so exploitable.
>
> Just patchrm-ed 112963-19 to -12, it is not working anymore.
>
> p.
>
> -- 
> Beware of he who would deny you access to information, for in his
> heart he dreams himself your master.   -- Commissioner Pravin Lal
> http://nerdquiz.sgh.waw.pl/  -- polska wersja quizu dla nerdów ;)
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQsHll3v40fZIKe3PEQJzqACdEeusRDtTHQUjoZR0UR4MGl5LFccAnA+y
XW7ELeMG8WK7klz/86f83scB
=/+QX
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/