Bugtraq mailing list archives
Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability
From: martinh () MAILHOST EMAP CO UK (martinh () MAILHOST EMAP CO UK)
Date: Mon, 1 Jul 1996 14:59:23 +0000
On Sun, 30 Jun 1996, Michael Constant wrote:
Exactly which versions of perl are susceptible to this? I tried it using /usr/contrib/bin/perl on a BSD/OS 2.0 system as well as /usr/bin/perl on FreeBSD 2.1/2.2 systems, and none gave a root shell.Any copy of perl which is setuid root (they're typically named "sperl*" or "suidperl"). The exploit does work on my FreeBSD 2.1.0-RELEASE system.
Breaks on Linux 1.3.20 here, using suidperl -U it dies with a SEGV, with juts perl it gives me a shell with normal permissions On 1.2.8 it _does_ work. M. ################################################################## # Martin Hargreaves (martin () datamodl demon co uk) Computational # # Director, Datamodel Ltd Chemist # # Contract Unix system admin/Unix security Sysadmin # ##################################################################
Current thread:
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability DANIEL .D .EZEKIEL (Jun 30)
- <Possible follow-ups>
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Patrick (Jul 01)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability martinh () MAILHOST EMAP CO UK (Jul 01)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Henri Karrenbeld (Jul 01)