Bugtraq mailing list archives
Re: solaris 2.x rdist exploit/ too many humbles :P
From: casper () HOLLAND SUN COM (Casper Dik)
Date: Fri, 14 Aug 1998 20:16:40 +0200
John Mcdonald wrote:Enclosed is an exploit for a hole in Solaris rdist that I believe the patch #105667-01 adresses. That patch is for 2.6. I've personally tested the exploit on 2.6, 2.5.1, and 2.5 machines.I've tested the rdist exploit on a Sparc 20 w/ Solaris 2.6 unpatched, and it works. It is foiled however by adding "set noexec_user_stack=1" to /etc/system.
For those unfamiliar with the feature, also try "set noexec_user_stack_log =1"; it will cause messages to be logged in such cases. Casper
Current thread:
- Re: solaris 2.x rdist exploit/ too many humbles :P gilbert () ALLEYCAT VPI HYDRO QC CA (Aug 14)
- Re: solaris 2.x rdist exploit/ too many humbles :P Casper Dik (Aug 14)
- crashme on SGI O2 running 6.3 Igor Schein (Aug 14)
- [micq] ICQ Hole (fwd) The big-dog (Aug 14)
- MySQL DoS ? Phear Me (Aug 14)
- Re: MySQL DoS ? Pablo Luis Bucich (Aug 15)