[7674] in bugtraq


Re: solaris 2.x rdist exploit/ too many humbles :P

daemon@ATHENA.MIT.EDU (Casper Dik)
Fri Aug 14 15:07:11 1998

Date: 	Fri, 14 Aug 1998 20:16:40 +0200
Reply-To: Casper Dik <casper@HOLLAND.SUN.COM>
From: Casper Dik <casper@HOLLAND.SUN.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  Your message of "Fri, 14 Aug 1998 12:07:46 EDT." 
              <Pine.GSO.3.96.980814115719.2094A-100000@alleycat.vpi.hydro.qc.ca>

>John Mcdonald wrote:
>>
>> Enclosed is an exploit for a hole in Solaris rdist that I believe the
>> patch #105667-01 addresses. That patch is for 2.6. I've personally tested
>> the exploit on 2.6, 2.5.1, and 2.5 machines.
>
>I've tested the rdist exploit on a Sparc 20 w/ Solaris 2.6 unpatched, and
>it works. It is foiled however by adding "set noexec_user_stack=1" to
>/etc/system.

For those unfamiliar with the feature, also try "set noexec_user_stack_log =1";
it will cause messages to be logged in such cases.

Casper
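
A check for the two /etc/system settings named in this thread, as an added example that is not part of the original messages. It assumes comment lines begin with `*` or `#` and that whitespace around `=` is allowed; the function names `sys_value` and `audit_noexec` are hypothetical.

```shell
#!/bin/sh
# Added example: audit an /etc/system-style file for noexec_user_stack and
# noexec_user_stack_log. Assumption: lines starting with '*' or '#' are comments.

# sys_value FILE VAR -> prints the last value assigned to VAR, or "unset"
sys_value() {
    awk -v var="$2" '
        /^[ \t]*[*#]/ { next }                  # skip comment lines
        {
            line = $0
            sub(/^[ \t]*/, "", line)
            if (line !~ /^set[ \t]+/) next      # only "set name=value" lines
            sub(/^set[ \t]+/, "", line)
            n = index(line, "=")
            if (n == 0) next
            name = substr(line, 1, n - 1)
            val  = substr(line, n + 1)
            gsub(/[ \t]/, "", name)             # tolerate "name =1" and "name = 1"
            gsub(/[ \t]/, "", val)
            if (name == var) found = val        # exact match; last assignment wins
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# audit_noexec FILE -> one status line per setting; returns 0 only if both are 1
audit_noexec() {
    rc=0
    for v in noexec_user_stack noexec_user_stack_log; do
        val=`sys_value "$1" "$v"`
        if [ "$val" = "1" ]; then
            echo "OK   $v=1"
        else
            echo "WARN $v is $val"
            rc=1
        fi
    done
    return $rc
}

# Run against the file given as the first argument, e.g. /etc/system
if [ -n "${1:-}" ]; then
    audit_noexec "$1"
fi
```

/etc/system is read at boot, so the file can show the settings before the running kernel has them.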
