[2865] in bugtraq

Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability

daemon@ATHENA.MIT.EDU (martinh@MAILHOST.EMAP.CO.UK)
Mon Jul 1 15:52:07 1996

Date: 	Mon, 1 Jul 1996 14:59:23 +0000
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: martinh@MAILHOST.EMAP.CO.UK
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To:  <199606301337.GAA03694@locusts.Berkeley.EDU>

On Sun, 30 Jun 1996, Michael Constant wrote:

> >     Exactly which versions of perl are susceptible to this?  I tried
> > it using /usr/contrib/bin/perl on a BSD/OS 2.0 system as well as
> > /usr/bin/perl on FreeBSD 2.1/2.2 systems, and none gave a root shell.
>
> Any copy of perl which is setuid root (they're typically named "sperl*"
> or "suidperl").  The exploit does work on my FreeBSD 2.1.0-RELEASE system.

Breaks on Linux 1.3.20 here; using suidperl -U it dies with a SEGV, with
just perl it gives me a shell with normal permissions.

On 1.2.8 it _does_ work.

M.

##################################################################
# Martin Hargreaves (martin@datamodl.demon.co.uk)  Computational #
# Director, Datamodel Ltd                                Chemist #
# Contract Unix system admin/Unix security              Sysadmin #
##################################################################
