Bugtraq mailing list archives
Re: Solaris 7 x86 lpset exploit.
From: eugene () TSU RU (Eugene Ilchenko)
Date: Thu, 27 Apr 2000 08:34:26 +0700
Hello! Andrew Brown wrote:
There is a sparc version avail for this bug, the bug was discovered by duke some time ago.just for people who don't know...or have forgotten...putting this: set noexec_user_stack = 1 set noexec_user_stack_log = 1
Just look at http://secinf.net/info/unix/stack.txt for an explanation how to remake the exploit code, to avoid these settings. This text where sent to the Bagtraq sometime ago.
in your /etc/system file protects you against this. it doesn't fix the bug, but it stops the effects from being quite so "bad".
Yes, this method is very good, alas it could not be a panacea :((( -- ------------------------------------------------------ Eugene S. Ilchenko, System Network Administrator http://secinf.net/
Current thread:
- Solaris x86 Xsun overflow., (continued)
- Solaris x86 Xsun overflow. Theodor Ragnar Gislason (Apr 24)
- Solaris 7 x86 lp exploit Theodor Ragnar Gislason (Apr 24)
- Re: Solaris 7 x86 lp exploit Laurent LEVIER (Apr 24)
- Re: netkill - generic remote DoS attack stanislav shalunov (Apr 24)
- Solaris 7 x86 lpset exploit. Theodor Ragnar Gislason (Apr 24)
- Re: Solaris 7 x86 lpset exploit. Laurent LEVIER (Apr 24)
- Re: Solaris 7 x86 lpset exploit. Theodor Ragnar Gislason (Apr 25)
- Re: Solaris 7 x86 lpset exploit. Andrew Brown (Apr 26)
- Modifying NT credential and RAZOR's analysis of dvwsrr.dll Iván Arce (Apr 26)
- Re: Solaris 7 x86 lpset exploit. Len Rose (Apr 26)
- Re: Solaris 7 x86 lpset exploit. Eugene Ilchenko (Apr 26)
- Cisco HTTP possible bug: Keith Woodworth (Apr 26)
- Alert: Cart32 secret password backdoor (CISADV000427) Cerberus Security Team (Apr 26)
- Re: Alert: Cart32 secret password backdoor (CISADV000427) Bill Borton (Apr 28)
- Re: Alert: Cart32 secret password backdoor (CISADV000427) Knud Erik Højgaard (Mar 30)
- Re: Solaris 7 x86 lpset exploit. Laurent LEVIER (Apr 24)
- Re: Solaris 7 x86 lpset exploit. Jor (Apr 27)
- Re: Solaris 7 x86 lpset exploit. Casper Dik (Apr 28)