Bugtraq mailing list archives

Re: Solaris 7 x86 lpset exploit.

From: eugene () TSU RU (Eugene Ilchenko)
Date: Thu, 27 Apr 2000 08:34:26 +0700


Hello!

Andrew Brown wrote:

There is a sparc version avail for this bug, the bug was discovered by
duke some time ago.

just for people who don't know...or have forgotten...putting this:
   set noexec_user_stack = 1
   set noexec_user_stack_log = 1


Just look at http://secinf.net/info/unix/stack.txt for an explanation how to
remake the exploit code, to avoid these settings. This text where sent to
the Bagtraq sometime ago.

in your /etc/system file protects you against this.  it doesn't fix
the bug, but it stops the effects from being quite so "bad".


Yes, this method is very good, alas it could not be a panacea :(((

--
------------------------------------------------------
Eugene S. Ilchenko, System Network Administrator
http://secinf.net/

Current thread:

Solaris x86 Xsun overflow., (continued)
- Solaris x86 Xsun overflow. Theodor Ragnar Gislason (Apr 24)
- Solaris 7 x86 lp exploit Theodor Ragnar Gislason (Apr 24)
  - Re: Solaris 7 x86 lp exploit Laurent LEVIER (Apr 24)
- Re: netkill - generic remote DoS attack stanislav shalunov (Apr 24)
- Solaris 7 x86 lpset exploit. Theodor Ragnar Gislason (Apr 24)
  - Re: Solaris 7 x86 lpset exploit. Laurent LEVIER (Apr 24)
    - Re: Solaris 7 x86 lpset exploit. Theodor Ragnar Gislason (Apr 25)
    - Re: Solaris 7 x86 lpset exploit. Andrew Brown (Apr 26)
    - Modifying NT credential and RAZOR's analysis of dvwsrr.dll Iván Arce (Apr 26)
    - Re: Solaris 7 x86 lpset exploit. Len Rose (Apr 26)
    - Re: Solaris 7 x86 lpset exploit. Eugene Ilchenko (Apr 26)
    - Cisco HTTP possible bug: Keith Woodworth (Apr 26)
    - Alert: Cart32 secret password backdoor (CISADV000427) Cerberus Security Team (Apr 26)
    - Re: Alert: Cart32 secret password backdoor (CISADV000427) Bill Borton (Apr 28)
    - Re: Alert: Cart32 secret password backdoor (CISADV000427) Knud Erik Højgaard (Mar 30)
    - Re: Solaris 7 x86 lpset exploit. Jor (Apr 27)
    - Re: Solaris 7 x86 lpset exploit. Casper Dik (Apr 28)
- SECURITY: [RHSA-2000:014-10] Updated piranha packages available Cristian Gafton (Apr 24)
- FreeBSD Security Advisory: FreeBSD-SA-00:14.imap-uw FreeBSD Security Officer (Apr 24)
- FreeBSD Security Advisory: FreeBSD-SA-00:15.imap-uw FreeBSD Security Officer (Apr 24)
- piranha default password/exploit Max Vision (Apr 24)

(Thread continues...)