[39323] in bugtraq
Re: [Full-disclosure] Solaris 9/10 ld.so fun
daemon@ATHENA.MIT.EDU (Piotr KUCHARSKI)
Tue Jun 28 16:21:46 2005
Date: Tue, 28 Jun 2005 19:48:59 +0200
From: Piotr KUCHARSKI <chopin@sgh.waw.pl>
To: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Message-ID: <20050628174858.GC20707@sgh.waw.pl>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <42C177FE.1030407@freebsd.lublin.pl>
On Tue, Jun 28, 2005 at 06:17:02PM +0200, Przemyslaw Frasunek wrote:
> This vulnerability was introduced by one of the recent patches for Solaris 9,
> possibly 112963. Ld.so patched with 112963-08 is not vulnerable -- it does
> not allow LD_AUDIT for set[ug]id binaries, but upgrading to 112963-16
> definitly makes ld.so exploitable.
Just patchrm-ed 112963-19 to -12, it is not working anymore.
p.
--
Beware of he who would deny you access to information, for in his
heart he dreams himself your master. -- Commissioner Pravin Lal
http://nerdquiz.sgh.waw.pl/ -- polska wersja quizu dla nerdów ;)
