[2851] in bugtraq


Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability

daemon@ATHENA.MIT.EDU (Jon Lewis)
Sun Jun 30 15:01:52 1996

Date: 	Sun, 30 Jun 1996 14:08:52 -0400
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Jon Lewis <jlewis@inorganic5.fdt.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To:  <Pine.SV4.3.91.960630062925.24927A-100000@xcalibur>

On Sun, 30 Jun 1996, Andrew Liles wrote:

> >     Exactly which versions of perl are susceptible to this?  I tried
> > it using /usr/contrib/bin/perl on a BSD/OS 2.0 system as well as
> > /usr/bin/perl on FreeBSD 2.1/2.2 systems, and none gave a root shell.
>
> It seems to work on version 4 and 5 of suidperl. A regular non-suid perl
> does not have the vulnerability. So far, 3 machines that I have accounts
> on (all being linux boxes) have yielded root shells, but it seems that

I've tested perl 5.001 on Linux 1.2.x and IRIX 5.3 and gotten root.
Accounts on Solaris 2.5, AIX and BSDI 2.0 systems were not testable as the
Solaris and AIX ones had rm'd suidperl and the BSDI one had done a chmod
0000 suidperl...so I assume they were either vulnerable or just paranoid.

I didn't bother testing my linux 1.3.x or 2.0.0 boxes, but assumed they
were vulnerable and upgraded them all to 5.003.

------------------------------------------------------------------
 Jon Lewis                      |  Mime attachments are OK
 jlewis@inorganic5.fdt.net      |  But please ask before sending
 http://inorganic5.fdt.net      |  unsolicited huge files.
________Finger jlewis@inorganic5.fdt.net for PGP public key_______
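
A defender-side check for the three states the message above reports (suidperl still setuid, chmod 0000, or removed), as an added example that is not part of the original post. The file names `suidperl` and `sperl*` and the directories passed in are assumptions about the local install.

```shell
#!/bin/sh
# Added example (constructed): classify suidperl-style binaries in the
# given directories. The name patterns below are assumptions; adjust them
# to match how perl was installed on the host being audited.
#
# Usage: audit_suidperl /usr/bin /usr/local/bin /usr/contrib/bin
# Output: one line per candidate, "STATE<TAB>PATH", where STATE is
#   SETUID    setuid bit still set (needs upgrade, chmod, or removal)
#   DISABLED  mode is exactly 0000 (the "chmod 0000 suidperl" case)
#   PLAIN     file exists but carries no setuid bit
# A removed binary produces no line. Returns 1 if any SETUID entry was seen.
audit_suidperl() {
    found=0
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/suidperl "$dir"/sperl*; do
            # Skips unmatched globs and binaries that were rm'd.
            [ -f "$f" ] || continue
            if [ -u "$f" ]; then
                printf 'SETUID\t%s\n' "$f"
                found=1
            elif [ -n "$(find "$f" -prune -perm 0000 2>/dev/null)" ]; then
                # find is used here because root can read a mode-0000 file,
                # so test -r/-x would not detect it reliably.
                printf 'DISABLED\t%s\n' "$f"
            else
                printf 'PLAIN\t%s\n' "$f"
            fi
        done
    done
    return "$found"
}
```

The check reports file mode only; it does not determine the perl version, so a SETUID result on a host already upgraded to a fixed release still needs a manual version check.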
