[2859] in bugtraq
Re: BoS: CERT Advisory CA-96.12 - Vulnerability in suidperl (fwd)
daemon@ATHENA.MIT.EDU (John-David Childs)
Mon Jul 1 00:33:10 1996
Date: Sun, 30 Jun 1996 21:58:04 -0600
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: John-David Childs <jdc@ISM.NET>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <199606302119.RAA25004@nyiq.net>
On Sun, 30 Jun 1996, Kai wrote:
> Brian Tao wrote:
>
> > On Sun, 30 Jun 1996, Dan Polivy wrote:
> > >
> > On a BSD/OS 2.0 system, running the script produces "Can't swap
> > uid and euid.". The exploit works on my FreeBSD systems from 2.1R
> > through to 2.2-960501-SNAP. 2.2-960612-SNAP appears to have already
> > fixed the problem. I imagine the recent 2.1.5 snapshots are not
> > vulnerable either, but I haven't had a chance to verify.
> > --
>
> execution on my system results in a 'Insecure PATH at ./blah line 3.' ,
> no matter what program exec is calling in the exploit script.
> Why is that ?
>
>
Try #!/usr/bin/suidperl -U (you probably don't have -U)
As others have stated, 2.1-STABLE proved vulnerable on my system, but BSDi
2.0/2.01 was not.
--
John-David Childs www.marsweb.com/www.ism.net
System Administrator Internet Services Montana (406)721-6277
& Network Engineer M@RSWeb - Montana's PREMIER Web Site
"I used up all my sick days....so I'm calling in dead"
