Bugtraq mailing list archives
Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability
From: aliles () IntNet net (Andrew Liles)
Date: Sun, 30 Jun 1996 06:34:20 -0400
On Sat, 29 Jun 1996, Brian Tao wrote:
Exactly which versions of perl are susceptible to this? I tried it using /usr/contrib/bin/perl on a BSD/OS 2.0 system as well as /usr/bin/perl on FreeBSD 2.1/2.2 systems, and none gave a root shell.
It seems to work on version 4 and 5 of suidperl. A regular non-suid perl does not have the vulnerability. So far, 3 machines that I have accounts on (all being linux boxes) have yielded root shells, but it seems that from the CERT advisory that most other machines that have suidperl are vulnerable. -Andrew Liles aka jadin on IRC _ ___ (_)__ ____/ (_)__ ----------------- E Pluribus UNIX ------------------- / / _ `/ _ / / _ \ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= __/ /\_,_/\_,_/_/_//_/ /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ |___/ aliles () IntNet net - PGP key on request - http://www.spilk.org/jadin/ --
Current thread:
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Jon Lewis (Jun 28)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Brian Tao (Jun 29)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Andrew Liles (Jun 30)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Jon Lewis (Jun 30)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Casper Dik (Jun 30)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Andrew Liles (Jun 30)
- Validating email sender Brendan McKenna (Jun 30)
- Re: Validating email sender Squidge (Jun 30)
- Re: Validating email sender Alan Brown (Jun 30)
- Re: Validating email sender Casper Dik (Jun 30)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Brian Tao (Jun 29)
- portmapper dangers der Mouse (Jun 30)
- Re: portmapper dangers Julian Assange (Jun 30)
- Re: portmapper dangers Casper Dik (Jun 30)