Bugtraq mailing list archives

Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability


From: martinh () MAILHOST EMAP CO UK (martinh () MAILHOST EMAP CO UK)
Date: Mon, 1 Jul 1996 14:59:23 +0000


On Sun, 30 Jun 1996, Michael Constant wrote:

    Exactly which versions of perl are susceptible to this?  I tried
it using /usr/contrib/bin/perl on a BSD/OS 2.0 system as well as
/usr/bin/perl on FreeBSD 2.1/2.2 systems, and none gave a root shell.

Any copy of perl which is setuid root (they're typically named "sperl*"
or "suidperl").  The exploit does work on my FreeBSD 2.1.0-RELEASE system.

Breaks on Linux 1.3.20 here: using suidperl -U it dies with a SEGV; with
just perl it gives me a shell with normal permissions.

On 1.2.8 it _does_ work.

M.

##################################################################
# Martin Hargreaves (martin () datamodl demon co uk)  Computational #
# Director, Datamodel Ltd                                Chemist #
# Contract Unix system admin/Unix security              Sysadmin #
##################################################################


