[10648] in bugtraq
Re: Solaris libc exploit
daemon@ATHENA.MIT.EDU (Peter Harvey Solaris Sustaining En)
Wed May 26 14:53:04 1999
Message-Id: <199905261120.MAA15848@otis.UK.Sun.COM>
Date: Wed, 26 May 1999 12:20:03 +0100
Reply-To: Peter Harvey Solaris Sustaining Engineering <peter.harvey@UK.Sun.COM>
From: Peter Harvey Solaris Sustaining Engineering <peter.harvey@UK.SUN.COM>
To: BUGTRAQ@NETSPACE.ORG

> 4118295 LC_* can be used to obtain root access from setuid programs

This is already fixed in Solaris 7 and the following patches for
Solaris 2.6:

RELEASE  ARCH   PATCH
5.6      i386   105211-06
5.6      sparc  105210-06

The exploit referred to in this thread is in the same area (locales and
environment variables) but is different.

> I've tried to find the referenced bug description, but I wasn't able to
> find it on the Sunsolve KB.

We tend to be cautious about publishing our security bugs.

-- Peter
Sustaining Engineer, Solaris Software, Sun Microsystems
peter.harvey@uk.sun.com