[856] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability in suidperl (fwd)

daemon@ATHENA.MIT.EDU (Alan Cox)
Thu Jun 27 11:22:23 1996

From: iialan@iifeak.swan.ac.uk (Alan Cox)
To: jlewis@inorganic5.fdt.net (Jon Lewis)
Date: Thu, 27 Jun 1996 10:50:24 +0100 (BST)
Cc: linux-security@tarsier.cv.nrao.edu, linux-alert@tarsier.cv.nrao.edu
In-Reply-To: <Pine.LNX.3.91.960626155616.15516p-100000@inorganic5.chem.ufl.edu> from "Jon Lewis" at Jun 26, 96 04:10:24 pm

> Has anyone verified yet whether this is a problem on Linux boxes across 
> the world?

Yes it is. And when you fix it watch that you get both sperl5.001 and suidperl

> Linux
> =====
>         Linux 1.2 and 2.0 support saved set-user-id.
> 
>         Most distributions of Linux provide suidperl and sperl.
> 
>         The fixsperl script works on linux, and it is recommended that this
>         fix be applied until a new Perl release is made.
> 


home help back first fref pref prev next nref lref last post