Bugtraq mailing list archives

Re: expoit for locale format string bug (Solaris 2.x)


From: Dan Harkless <dan-bugtraq () DILVISH SPEED NET>
Date: Fri, 8 Sep 2000 15:24:56 -0700

Ejovi Nuwere <ejovi () EJOVI NET> writes:
> Posting broken code to a full disclosure mailing list is as lame as
> misspelling "exploit" in your subject line. If you do not want people using
> your code, don't post it!
>
> It will be a matter of minutes before someone is giving out a working
> version on IRC and a day before someone will post a working version to
> bugtraq. It's not worth my time to look at code I know to be broken.
>
> On Fri, 8 Sep 2000, Warning3 wrote:
>
> >  * Script kiddies: you should modify this code
> >  * slightly by yourself. :)

Has anyone with a Sun support contract heard if a patch for this is
forthcoming??  As soon as a working version of this exploit is posted,
all administrators of Solaris systems that allow local user logins are going
to be in a world of hurt.

I just installed the latest 2.6_Recommended.tar.Z, dated "Sep  7 02:35", and
it doesn't appear to include a patch for this (though I can't be positive
without a working exploit to try before and after).  Oddly, the latest
Solaris2.6.PatchReport is dated "Sep  1 16:15", prior to the latest
recommended patch cluster, and as you might expect, it doesn't seem to
mention any patches for this either.

I wish Sun would make a response in this forum so its customers (including
the ones without multi-thousand-dollar support contracts) would know what
the time window is for local users being able to easily get root.

----------------------------------------------------------------------
Dan Harkless                   | To prevent SPAM contamination, please
dan-bugtraq () dilvish speed net  | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts.  Thank you.
