Date: 01 Aug 1997 18:51:31 -0700 From: Faried Nawaz <fn@Hungry.COM> To: tom@sdf.com (Tom Samplonius) Cc: freebsd-hackers@freebsd.org Subject: Re: security hole on FreeBSD 2.2.2 Message-ID: <lw4t99e4ik.fsf@terror.hungry.com> In-Reply-To: tom@sdf.com's message of 1 Aug 1997 18:34:08 -0700 References: <Pine.LNX.3.91.970801202857.3568G-100000@zen.cypher.net> <Pine.BSF.3.95q.970801172516.8042C-100000@misery.sdf.com>
next in thread | previous in thread | raw e-mail | index | archive | help
tom@sdf.com (Tom Samplonius) writes: On Fri, 1 Aug 1997, Ben Black wrote: > exactly. i have no clue what this guy is talking about. Exactly. It looks like this guy installed some bogus software, probably setuid to root, that has a gaping hole in it. Tom The "bogus" software is called suidperl. There are known exploits for it that'll work on 2.2.2-RELEASE: % ls -li sperl4036 /usr/bin/suidperl /usr/bin/sperl4.036 7749 ---s--x--x 2 root bin 282624 May 20 03:32 /usr/bin/sperl4.036 7749 ---s--x--x 2 root bin 282624 May 20 03:32 /usr/bin/suidperl 184410 -rwx------ 1 fn user 8846 Aug 1 18:43 sperl4036 % id uid=297(fn) gid=29(user) groups=29(user), 0(wheel), 7(bin) % ./sperl4036 # id uid=297(fn) euid=0(root) gid=29(user) groups=29(user), 0(wheel), 7(bin) # exit % uname -r 2.2.2-RELEASE % For obvious reasons, I won't be posting the exploit. Note that a similar exploit exists for certain versions of Perl 5. Your choices are: 1. remove the suid bit on sperl4.036, and 2. upgrade to 2.2-STABLE. faried. -- faried nawaz box 3582, moscow id 83843-1914
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?lw4t99e4ik.fsf>