Re: [Full-disclosure] Solaris 9/10 ld.so fun
From: Piotr KUCHARSKI (chopin_at_sgh.waw.pl)
Date: 06/28/05
- Previous message: spam_at_drwetter.org: "Access right escalation / severe permission problems on Raritan Console Servers"
- In reply to: Przemyslaw Frasunek: "Re: [Full-disclosure] Solaris 9/10 ld.so fun"
- Next in thread: Charles Heselton: "RE: [Full-disclosure] Solaris 9/10 ld.so fun"
- Reply: Charles Heselton: "RE: [Full-disclosure] Solaris 9/10 ld.so fun"
Date: Tue, 28 Jun 2005 19:48:59 +0200
To: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
On Tue, Jun 28, 2005 at 06:17:02PM +0200, Przemyslaw Frasunek wrote:
> This vulnerability was introduced by one of the recent patches for Solaris 9,
> possibly 112963. Ld.so patched with 112963-08 is not vulnerable -- it does
> not allow LD_AUDIT for set[ug]id binaries, but upgrading to 112963-16
> definitely makes ld.so exploitable.
Just patchrm-ed 112963-19 to -12, it is not working anymore.
p.
--
Beware of he who would deny you access to information, for in his heart he dreams himself your master. -- Commissioner Pravin Lal
http://nerdquiz.sgh.waw.pl/ -- Polish version of the quiz for nerds ;)