Bugtraq mailing list archives
Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability
From: casper () holland Sun COM (Casper Dik)
Date: Sun, 30 Jun 1996 22:51:55 +0200
I've tested perl 5.001 on Linux 1.2.x and IRIX 5.3 and gotten root. Accounts on Solaris 2.5, AIX and BSDI 2.0 systems were not testable as the Solaris and AIX ones had rm'd suidperl and the BSDI one had done a chmod 0000 suidperl...so I assume they were either vulnerable or just paranoid.
On Solaris 2.x you won't get suidperl installed unless you lie to configure. Solaris 2.x supports set-uid scripts securely and doesn't need suidperl. (After lying to configure you can build a suidperl which is indeed vulnerable as Solaris 2.x has POSIX saved ids.) Casper
Current thread:
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Jon Lewis (Jun 28)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Brian Tao (Jun 29)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Andrew Liles (Jun 30)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Jon Lewis (Jun 30)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Casper Dik (Jun 30)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Andrew Liles (Jun 30)
- Validating email sender Brendan McKenna (Jun 30)
- Re: Validating email sender Squidge (Jun 30)
- Re: Validating email sender Alan Brown (Jun 30)
- Re: Validating email sender Casper Dik (Jun 30)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Brian Tao (Jun 29)
- portmapper dangers der Mouse (Jun 30)
- Re: portmapper dangers Julian Assange (Jun 30)
- Re: portmapper dangers Casper Dik (Jun 30)
- <Possible follow-ups>
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability James Seng (Jun 30)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Jon Lewis (Jun 30)