Re: Solaris2.6,2.7 dtprintinfo exploits

[darren.moffat () uk sun com (Darren J Moffat - Enterprise Services OS Product Support Group)]

> "dtprintinfo" is suid program, the stack buffer can be overflowed by '-p'
> option. I made an exploit program that can get root for Intel edition of
> Solaris2.6 and Solaris 2.7.
> Please test it.
> If you test this program, please set DISPLAY environment correctly
> before execution.


This is Sun Bug# 4139394 which has been fixed in the current development
release.  Patches for Solaris 2.6 and Solaris 7 (ie CDE 1.2 and CDE 1.3)
are currently in development.

As an aside there is no indication in any of our databases that you
made any attempt to contact Sun before publishing this publicly, please
give us a chance first.

Thanks

--
Darren J Moffat