[2860] in bugtraq
Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability
daemon@ATHENA.MIT.EDU (DANIEL .D .EZEKIEL)
Mon Jul 1 01:14:26 1996
Date: Mon, 1 Jul 1996 10:03:06 +0500
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: "DANIEL .D .EZEKIEL" <danny@protocol.ece.iisc.ernet.in>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <9606302051.AA01539@albano> from "Casper Dik" at Jun 30,
96 10:51:55 pm
>
> >I've tested perl 5.001 on Linux 1.2.x and IRIX 5.3 and gotten root.
> >Accounts on Solaris 2.5, AIX and BSDI 2.0 systems were not testable as the
> >Solaris and AIX ones had rm'd suidperl and the BSDI one had done a chmod
> >0000 suidperl...so I assume they were either vulnerable or just paranoid.
>
> On Solaris 2.x you won't get suidperl installed unless you lie to configure.
> Solaris 2.x supports set-uid scripts securely and doesn't need suidperl.
>
> (After lying to configure you can build a suidperl which is indeed
> vulnerable as Solaris 2.x has POSIX saved ids.)
>
>
suidperl doesnt give root in solarix ,ultrix sunox as well as epix
but works fine for linix1.2.x
