| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Mar 2004 11:34:28 +0100 From: Casper Dik <casper@...land.sun.com> To: Dave Aitel <dave@...unitysec.com> Cc: bugtraq@...urityfocus.com Subject: Re: Immunity Advisory: Solaris local kernel root >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Immunity Research has released an Advisory from the Vulnerability >Sharing Club into the public domain. This advisory can be found at >http://www.immunitysec.com/downloads/solaris_kernel_vfs.sxw.pdf > >Technical Summary: There is a vulnerability in Solaris that allows >local users to load kernel modules without being root. This is handy >for getting around things like Argus Pitbull (if it still existed) or >Okena or Entercept or anything like that, or simply for just taking >root. An exploit for this was released as part of the Shellcoder's >Handbook. > >There is a Solaris patch that appears to make this exploit ineffective. >http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57479&zone_32=category%3Asecurity I wonder why you even bother publishing this; at the time the document claims to have been written, half the listed Solaris revisions had already patches out for them; Solaris 10, which technically doesn't exist yet, had the bug already fixed in its most recent Solaris Express builds. But thanks for including the reference to the Sun Alert; that should prevent this from being to large a blip on the SunService radar screen. Casper
Powered by blists - more mailing lists