[6589] in bugtraq
Re: Buffer overflows in Solaris 2.6 ufsdump and ufsrestore
daemon@ATHENA.MIT.EDU (Eugene Bradley)
Thu Apr 23 22:49:31 1998
Date: Thu, 23 Apr 1998 20:50:53 +0000
Reply-To: eugene.bradley@erols.com
From: Eugene Bradley <eugene.bradley@EROLS.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <01BD6ED3.AF53C720@d17216-40158.bqr.quick-reilly-group.com>

I confirmed the segmentation fault for Solaris 2.6 SPARC on a Sun
Ultra Enterprise 2 box running Solaris 2.6 with the current
(4/8) recommended & security patch cluster, plus the following
patches specific to ufsdump and ufsrestore [1]:

    105722-01: SunOS 5.6: /usr/lib/fs/ufs/ufsdump patch
    105724-01: SunOS 5.6: /usr/lib/fs/ufs/ufsrestore patch

I have an open ticket with SunService on this vulnerability.

Best fix I know of for now:

    chmod ug-s /usr/lib/fs/ufs/ufsdump
    chmod u-s /usr/lib/fs/ufs/ufsrestore

Unfortunately, my job doesn't use gcc for development, so I was
unable to compile ufsdump.c at all to test for tty or even
root shell exploitation.

--
Eugene Bradley
eugene.bradley@geocities.com (Personal ONLY!)
http://www.geocities.com/SiliconValley/Haven/9323/

[1] You need a SunService contract *and* a valid registration at
http://sunsolve.sun.com/sunsolve/contractservices.html to
obtain these patches.

--
Eugene Bradley
eugene.bradley@erols.com (Personal ONLY!)
eugenebradley@geocities.com (everything else)
http://www.geocities.com/SiliconValley/Haven/9323/
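
Added example (not part of the original post and not Sun's tooling): a POSIX shell check for the workaround above. It reports the setuid/setgid bits on the two binaries, applies the post's two chmod commands and confirms that the bits are gone. The ROOT prefix argument, the function names and the scratch tree with modes 6555/4555 are assumptions made so the check can run against constructed files instead of a live system.

```shell
#!/bin/sh
# Added example: audit and apply the setuid/setgid workaround from the post.
# The ROOT prefix is an assumption of this example so the logic can be run
# on a scratch tree; pass "" to check the live paths.
UFSDUMP=/usr/lib/fs/ufs/ufsdump
UFSRESTORE=/usr/lib/fs/ufs/ufsrestore

# Print which special permission bits a file carries.
special_bits() {
    if [ -u "$1" ] && [ -g "$1" ]; then echo "suid+sgid"
    elif [ -u "$1" ]; then echo "suid"
    elif [ -g "$1" ]; then echo "sgid"
    else echo "none"
    fi
}

# Return 0 only if the bits removed by the post's two chmod commands are gone:
# ufsdump has neither setuid nor setgid, ufsrestore has no setuid.
workaround_applied() {
    root=$1
    [ "$(special_bits "$root$UFSDUMP")" = "none" ] || return 1
    [ ! -u "$root$UFSRESTORE" ] || return 1
    return 0
}

# Apply the post's commands under ROOT, then re-check the result.
apply_workaround() {
    root=$1
    chmod ug-s "$root$UFSDUMP" || return 1
    chmod u-s "$root$UFSRESTORE" || return 1
    workaround_applied "$root"
}

# Build a scratch tree of empty files (constructed sample, not real binaries)
# with the modes the post's commands imply: ufsdump 6555, ufsrestore 4555.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/usr/lib/fs/ufs"
    : > "$t$UFSDUMP"; : > "$t$UFSRESTORE"
    chgrp "$(id -g)" "$t$UFSDUMP"   # keep our own group so setgid can be set
    chmod 6555 "$t$UFSDUMP"; chmod 4555 "$t$UFSRESTORE"
    echo "$t"
}

tree=$(make_sample_tree)
echo "before: ufsdump=$(special_bits "$tree$UFSDUMP") ufsrestore=$(special_bits "$tree$UFSRESTORE")"
apply_workaround "$tree" && echo "after: workaround applied"
rm -rf "$tree"
```

Running `workaround_applied ""` after patching or reinstalling packages shows whether the special bits have been restored on the live binaries.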