[20276] in bugtraq
Re: Solaris ipcs vulnerability
daemon@ATHENA.MIT.EDU (Dan Astoorian)
Tue Apr 17 16:16:29 2001
Message-ID: <01Apr17.115231edt.453131-20163@jane.cs.toronto.edu>
Date: Tue, 17 Apr 2001 11:52:23 -0400
Reply-To: Dan Astoorian <djast@CS.TORONTO.EDU>
From: Dan Astoorian <djast@CS.TORONTO.EDU>
X-To: Neil W Rickert <rickert+bt@CS.NIU.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Mon, 16 Apr 2001 08:43:04 EDT."
<16319.987424984@euclid.cs.niu.edu>
On Mon, 16 Apr 2001 08:43:04 EDT, Neil W Rickert writes:
> Scott Howard <scott@DOC.NET.AU> wrote:
>
> >Solaris 8 (Sparc at least) is not affected as ipcs is not suid/sgid.
>
> This might be a matter of looking in the wrong place.
>
> For programs where there are both 32bit and 64bit versions, the
> program you see might be a stub that invokes the real program.
> For example, on 32-bit solaris 8, what is actually run is
>
> -r-xr-sr-x 1 root sys 10740 Jan 5 2000 /usr/bin/sparcv7/ipcs
Unless patch 109238-01 (sparc) or 109239-01 (x86) is installed--and that
patch has been in the past few MU's--in which case it's:
-r-xr-xr-x 1 root bin 14236 Mar 30 2000 /usr/bin/sparcv7/ipcs
--
Dan Astoorian People shouldn't think that it's better to have
Sysadmin, CSLab loved and lost than never loved at all. It's
djast@cs.toronto.edu not, it's better to have loved and won. All
www.cs.toronto.edu/~djast/ the other options really suck. --Dan Redican
