Date:      01 Aug 1997 18:51:31 -0700
From:      Faried Nawaz <fn@Hungry.COM>
To:        tom@sdf.com (Tom Samplonius)
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: security hole on FreeBSD 2.2.2
Message-ID:  <lw4t99e4ik.fsf@terror.hungry.com>
In-Reply-To: tom@sdf.com's message of 1 Aug 1997 18:34:08 -0700
References:  <Pine.LNX.3.91.970801202857.3568G-100000@zen.cypher.net> <Pine.BSF.3.95q.970801172516.8042C-100000@misery.sdf.com>

tom@sdf.com (Tom Samplonius) writes:

  On Fri, 1 Aug 1997, Ben Black wrote:
  
  > exactly.  i have no clue what this guy is talking about.
  
    Exactly.  It looks like this guy installed some bogus software, probably
  setuid to root, that has a gaping hole in it.
  
  Tom
  
The "bogus" software is called suidperl.  There are known exploits for
it that'll work on 2.2.2-RELEASE:

% ls -li sperl4036 /usr/bin/suidperl /usr/bin/sperl4.036
  7749 ---s--x--x  2 root  bin   282624 May 20 03:32 /usr/bin/sperl4.036
  7749 ---s--x--x  2 root  bin   282624 May 20 03:32 /usr/bin/suidperl
184410 -rwx------  1 fn    user    8846 Aug  1 18:43 sperl4036
% id
uid=297(fn) gid=29(user) groups=29(user), 0(wheel), 7(bin)
% ./sperl4036
# id
uid=297(fn) euid=0(root) gid=29(user) groups=29(user), 0(wheel), 7(bin)
# exit
% uname -r
2.2.2-RELEASE
%

For obvious reasons, I won't be posting the exploit.  Note that a similar
exploit exists for certain versions of Perl 5.


Your choices are: 1. remove the suid bit on sperl4.036, and 2. upgrade to
2.2-STABLE.


faried.
-- 
faried nawaz
box 3582, moscow id 83843-1914
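
The first choice above (removing the suid bit), as an audit script. This is an added example, not part of the original message. The function names are hypothetical, and the `sperl*` name pattern is an assumption meant to catch other versioned copies besides the `suidperl` and `sperl4.036` names in the listing. Because those two names share one inode, clearing the bit through either name clears it for both.

```shell
#!/bin/sh
# Added example (not from the original message): find and defuse setuid
# suidperl/sperl* binaries. File names come from the listing in the message;
# the function names and the 'sperl*' pattern are assumptions.

# Print every setuid file named suidperl or sperl* under the given
# directories, one per line.
match_suid_perl() {
    find "$@" -type f \( -name 'suidperl' -o -name 'sperl*' \) \
        -perm -4000 -print 2>/dev/null
}

# Same set as "ls -li" lines sorted by inode number, so that hard links
# to one binary (identical inode, link count > 1) sit next to each other.
list_suid_perl() {
    find "$@" -type f \( -name 'suidperl' -o -name 'sperl*' \) \
        -perm -4000 -exec ls -li {} + 2>/dev/null | sort -n
}

# Number of matching path names (hard links are counted once per name).
count_suid_perl() {
    match_suid_perl "$@" | wc -l | tr -d ' '
}

# Clear the setuid bit on every match. The mode lives in the inode, so a
# hard-linked pair loses the bit together even if only one name is touched.
strip_suid_perl() {
    find "$@" -type f \( -name 'suidperl' -o -name 'sperl*' \) \
        -perm -4000 -exec chmod u-s {} +
}

# Stand-alone use: "sh audit.sh /usr/bin" only lists; stripping is a
# separate, deliberate call to strip_suid_perl as root.
if [ "$#" -gt 0 ]; then
    list_suid_perl "$@"
fi
```

After stripping, rerun the listing: it should print nothing, and scripts that relied on setuid Perl will stop gaining privileges.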


