[10547] in bugtraq
Re: Solaris2.6,2.7 dtprintinfo exploits
daemon@ATHENA.MIT.EDU (Darren J Moffat - Enterprise Servi)
Fri May 14 11:56:23 1999
Mime-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Content-Md5: tIMrsiOUjoC0R03XxdgfXQ==
Message-Id: <199905141403.PAA07547@clem.uk>
Date: Fri, 14 May 1999 15:03:42 +0100
Reply-To: Darren J Moffat - Enterprise Services OS Product Support Group <darren.moffat@uk.sun.com>
From: Darren J Moffat - Enterprise Services OS Product Support Group <darren.moffat@UK.SUN.COM>
X-To: yuuzy@USA.NET
To: BUGTRAQ@NETSPACE.ORG
>"dtprintinfo" is suid program, the stack buffer can be overflowed by '-p'
>option. I made an exploit program that can get root for Intel edition of
>Solaris2.6 and Solaris 2.7.
>Please test it.
>If you test this program, please set DISPLAY environment correctly
>before execution.
This is Sun Bug# 4139394 which has been fixed in the current development
release. Patches for Solaris 2.6 and Solaris 7 (ie CDE 1.2 and CDE 1.3)
are currently in development.
As an aside there is no indication in any of our databases that you
made any attempt to contact Sun before publishing this publicly, please
give us a chance first.
Thanks
--
Darren J Moffat
