[20479] in bugtraq
Re: IRIX /usr/lib/print/netprint local root symbols exploit.
daemon@ATHENA.MIT.EDU (Dale Southard)
Fri Apr 27 02:43:05 2001
Message-ID: <ub6bspj6zy8.fsf@zonker.llnl.gov>
Date: Thu, 26 Apr 2001 15:47:27 -0700
Reply-To: Dale Southard <southard1@LLNL.GOV>
From: Dale Southard <southard1@LLNL.GOV>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010426055110.18258.qmail@securityfocus.com>

No news here.

The author's site indicates that he found the bug under IRIX 6.2.
That release of IRIX is around 5 years old. SGI released a Security
Advisory on the netprint issue in December of 1996 which included
information on a patch which fixes it. See SGI's security site at:

http://www.sgi.com/support/security/index.html

I tested the exploit against a current IRIX release (6.5.11) and found
it not to be vulnerable.

Rule of thumb: If your sysadmin hasn't done an OS upgrade or applied
patches in over four years, there are likely to be some significant
security issues.

v9@REALHALO.ORG writes:
> i haven't audited anything in some time. well, i
> just noticed this because i am doing a project
> with a name similar to "netprint" and i was
> wondering if it was at all related to what i was
> doing. it wasn't. but, i noticed it was setuid
> root and had a little bug.
>
> this bug takes advantage of the -n option which
> has a bug that allows for arbitrary commands to be
> executed.
>
> exploit source code:
> http://realhalo.org/xnetprint.c
>
> Vade79 -> v9@realhalo.org -> realhalo.org.
--
/* Dale Southard Jr. southard1@llnl.gov 925-422-1463 */
/* Computer Scientist, Accelerated Strategic Computing Initiative */
/* L-550, Lawrence Livermore National Lab, Livermore CA 94551 */
/* AFF/I, SL/I, T/I, D-11216, Sr. Rig --- I'd rather be skydiving */