[2863] in bugtraq
Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability
daemon@ATHENA.MIT.EDU (Patrick)
Mon Jul 1 13:51:21 1996
Date: Mon, 1 Jul 1996 07:58:12 -0400
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Patrick <patrick@chloe.dmv.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <Pine.LNX.3.91.960630135536.15516s-100000@inorganic5.chem.ufl.edu>
Seems that platform doesn't matter, (even on Irix 5.3 with the option to
not execute suid script files, which took 5 seconds to work-around) but
the version of Perl installed on the system. Is it version 5.003 that fixes
the problem?
------------------------------------------------------------------------------
Patrick Ferguson - Systems Administrator patrick@dmv.com
DelMarVa OnLine! - Salisbury, MD
On Sun, 30 Jun 1996, Jon Lewis wrote:
> On Sun, 30 Jun 1996, Andrew Liles wrote:
>
> > > Exactly which versions of perl are susceptible to this? I tried
> > > it using /usr/contrib/bin/perl on a BSD/OS 2.0 system as well as
> > > /usr/bin/perl on FreeBSD 2.1/2.2 systems, and none gave a root shell.
> >
> > It seems to work on version 4 and 5 of suidperl. A regular non-suid perl
> > does not have the vulnerability. So far, 3 machines that I have accounts
> > on (all being linux boxes) have yielded root shells, but it seems that
>
> I've tested perl 5.001 on Linux 1.2.x and IRIX 5.3 and gotten root.
> Accounts on Solaris 2.5, AIX and BSDI 2.0 systems were not testable as the
> Solaris and AIX ones had rm'd suidperl and the BSDI one had done a chmod
> 0000 suidperl...so I assume they were either vulnerable or just paranoid.
>
> I didn't bother testing my linux 1.3.x or 2.0.0 boxes, but assumed they
> were vulnerable and upgraded them all to 5.003.
>
> ------------------------------------------------------------------
> Jon Lewis | Mime attachments are OK
> jlewis@inorganic5.fdt.net | But please ask before sending
> http://inorganic5.fdt.net | unsolicited huge files.
> ________Finger jlewis@inorganic5.fdt.net for PGP public key_______
>
