[20251] in bugtraq
Re: Solaris ipcs vulnerability
daemon@ATHENA.MIT.EDU (Robert Sink)
Tue Apr 17 04:08:27 2001
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15067.23174.388984.783662@tempermental.cbl.umces.edu>
Date: Mon, 16 Apr 2001 16:48:06 -0400
Reply-To: Robert Sink <sinkr@CBL.UMCES.EDU>
From: Robert Sink <sinkr@CBL.UMCES.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <rickert+bt@CS.NIU.EDU> Monday, 16 Apr 2001 07:43:04 -0500
I've tried:
TZ=`/usr/local/bin/perl -e 'print "A"x1107'`
...on... both 64 bit Solaris 8 and Solaris 7 (we have no 32 bit
machines here) and cannot get the programs to crash. They just
happily display the A's, plus the other information and exit normally.
Solaris 7: SunOS xxx 5.7 Generic_106541-12 sun4u sparc
Solaris 8: SunOS xxx 5.8 Generic_108528-05 sun4u sparc
I keep the patches on the bleeding edge, but I can find nothing
offhand in the latest patchdiag.xref that would have altered this.
Am I missing something?
--
Robert Sink - Asst. Dept. Head - Computer/Network Services
Univ. of Maryland Chesapeake Biological Laboratory - Solomons, MD.
[o] 410/326-7306
On Apr 16, Neil W Rickert (rickert+bt@CS.NIU.EDU) wrote:
>
> This might be a matter of looking in the wrong place.
>
> For programs where there are both 32bit and 64bit versions, the
> program you see might be a stub that invokes the real program.
> For example, on 32-bit solaris 8, what is actually run is
>
> -r-xr-sr-x 1 root sys 10740 Jan 5 2000 /usr/bin/sparcv7/ipcs
>
> That is sgid.
>
> -NWR
