Re: BoS: CERT Advisory CA-96.12 - Vulnerability in suidperl (fwd)

[kai () nyiq net (Kai)]

Brian Tao wrote:

> On Sun, 30 Jun 1996, Dan Polivy wrote:
> > Does /bin/bash exist on your system?  Is the script setuid to
> > anything?   (It should have either the user or group +s, i think)  It
> > worked for me on my FreeBSD machines (2.1 and -stable)...
>
>     Small glitch on my mistake... I had tried the script as originally
> presented to me, with #!/usr/bin/perl.  Changing that to suidperl
> alters the results (I thought perl automatically fed a setuid script
> to suidperl).
>
>     On a BSD/OS 2.0 system, running the script produces "Can't swap
> uid and euid.".  The exploit works on my FreeBSD systems from 2.1R
> through to 2.2-960501-SNAP.  2.2-960612-SNAP appears to have already
> fixed the problem.  I imagine the recent 2.1.5 snapshots are not
> vulnerable either, but I haven't had a chance to verify.
> --

execution on my system results in a 'Insecure PATH at ./blah line 3.' ,
no matter what program exec is calling in the exploit script.
Why is that ?