Bugtraq mailing list archives
[security () slackware com: [slackware-security] Perl root exploit in Slackware 7.1 & -current]
From: White Vampire <whitevampire () mindless com>
Date: Sun, 3 Sep 2000 15:12:44 -0400
I had fixed this manually, as have a lot of people. Nevertheless, this should still be of interest. Regards, -- __ ______ ____ / \ / \ \ / / White Vampire\Rem \ \/\/ /\ Y / http://www.projectgamma.com/ \ / \ / http://www.webfringe.com/ \__/\ / \___/ http://www.gammaforce.org/ \/ "Silly hacker, root is for administrators."
--- Begin Message --- From: Slackware Security Team <security () slackware com>
Date: Sat, 2 Sep 2000 15:59:25 -0700 (PDT)
A root exploit was found in the /usr/bin/suidperl5.6.0 program that shipped with the Slackware 7.1 perl.tgz package. It is recommended that all users of Slackware 7.1 (and -current) upgrade to the perl.tgz package available in the Slackware -current branch. ==================================== perl 5.6.0 AVAILABLE - (d1/perl.tgz) ==================================== The root exploit in /usr/bin/suidperl5.6.0 has been patched. Hack attempts are now logged to /var/log/syslog. The new perl.tgz package is available from: ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/d1/ Here are the md5sums and checksums for the packages: 1027099174 6464627 ./perl.tgz 0dfc1c46e3dd22033850fc69928588ec ./perl.tgz INSTALLATION INSTRUCTIONS FOR THE perl.tgz PACKAGE: --------------------------------------------------- If you have downloaded the new perl.tgz package, you should bring the system into runlevel 1 and run upgradepkg on it: # telinit 1 # upgradepkg perl.tgz # telinit 3 Remember, it's also a good idea to backup configuration files before upgrading packages. - Slackware Linux Security Team http://www.slackware.com
--- End Message ---
Attachment:
_bin
Description:
Current thread:
- [security () slackware com: [slackware-security] Perl root exploit in Slackware 7.1 & -current] White Vampire (Sep 03)