[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability
From: Casper Dik <casper () holland ! Sun ! COM>
Date: 1996-06-30 22:51:55
[Download RAW message or body]
>I've tested perl 5.001 on Linux 1.2.x and IRIX 5.3 and gotten root.
>Accounts on Solaris 2.5, AIX and BSDI 2.0 systems were not testable as the
>Solaris and AIX ones had rm'd suidperl and the BSDI one had done a chmod
>0000 suidperl...so I assume they were either vulnerable or just paranoid.
On Solaris 2.x you won't get suidperl installed unless you lie to configure.
Solaris 2.x supports set-uid scripts securely and doesn't need suidperl.
(After lying to configure you can build a suidperl which is indeed
vulnerable as Solaris 2.x has POSIX saved ids.)
Casper
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic