[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Re: Solaris libc exploit
From: Peter Harvey Solaris Sustaining Engineering <peter.harvey () UK ! Sun ! COM>
Date: 1999-05-26 11:20:03
[Download RAW message or body]
> 4118295 LC_* can be used to obtain root access from setuid programs
This is already fixed in Solaris 7 and the following patches for
Solaris 2.6:
RELEASE ARCH PATCH
5.6 i386 105211-06
5.6 sparc 105210-06
The exploit referred to in this thread is in the same area (locales and
environment variables) but is different.
> I've tried to find the referenced bug description, but I wasn't able to
> find it on the Sunsolve KB.
We tend to be cautious about publishing our security bugs.
-- Peter
Sustaining Engineer, Solaris Software, Sun Microsystems
peter.harvey@uk.sun.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic