[16685] in bugtraq
Re: expoit for locale format string bug (Solaris 2.x)
daemon@ATHENA.MIT.EDU (Dan Harkless)
Mon Sep 11 01:48:54 2000
Message-ID: <200009082224.PAA19280@dilvish.speed.net>
Date: Fri, 8 Sep 2000 15:24:56 -0700
Reply-To: Dan Harkless <dan-bugtraq@DILVISH.SPEED.NET>
From: Dan Harkless <dan-bugtraq@DILVISH.SPEED.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Message from Ejovi Nuwere <ejovi@EJOVI.NET> of "Fri, 08 Sep 2000 12:30:38 EDT." <Pine.GSO.4.05.10009081224400.14076-100000@ejovi.net>

Ejovi Nuwere <ejovi@EJOVI.NET> writes:
> Posting broken code to a full disclosure mailing list is as lame as
> misspelling "exploit" in your subject line. If you do not want people using
> your code, don't post it!
>
> It will be a matter of minutes before someone is giving out a working
> version on IRC and a day before someone will post a working version to
> bugtraq. It's not worth my time to look at code I know to be broken.
>
> On Fri, 8 Sep 2000, Warning3 wrote:
>
> > * Script kiddies: you should modify this code
> > * slightly by yourself. :)

Has anyone with a Sun support contract heard if a patch for this is
forthcoming?? As soon as a working version of this exploit is posted,
all administrators of Solaris systems that allow local user logins are going
to be in a world of hurt.

I just installed the latest 2.6_Recommended.tar.Z, dated "Sep 7 02:35", and
it doesn't appear to include a patch for this (though I can't be positive
without a working exploit to try before and after). Oddly, the latest
Solaris2.6.PatchReport is dated "Sep 1 16:15", prior to the latest
recommended patch cluster, and as you might expect, it doesn't seem to
mention any patches for this either.

I wish Sun would make a response in this forum so its customers (including
the ones without multi-thousand-dollar support contracts) would know what
the time window is for local users being able to easily get root.

----------------------------------------------------------------------
Dan Harkless | To prevent SPAM contamination, please
dan-bugtraq@dilvish.speed.net | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts. Thank you.