lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1830E3E7BB613147A6379B2F61B9EA891CF32803@mail.medimpact.com>
Date: Tue Jul  5 22:21:26 2005
From: Glenn.Pitcher at MedImpact.com (Glenn Pitcher)
Subject: Solaris 9/10 ld.so fun

I compiled it using Workshop 10 and it doesn't give me root.  I'm on Solaris
9 w/ 112963-18.  Also tried using this on a Solaris 8 box and got the same
results.

bash-2.05$ !cc
cc -xarch=v8plus -xcode=pic32 -G -o /tmp/Schily-Root.so /tmp/Schily-Root.c
bash-2.05$ !export
export LD_AUDIT=/tmp/Schily-Root.so
bash-2.05$ su -
ld.so.1: su: warning: la_version: can't find symbol
ld.so.1: su: warning: /tmp/Schily-Root.so: audit initialization failure:
disabled

---
Glenn Pitcher
IT Security
MedImpact Healthcare Systems
San Diego, CA
858-790-7479
glenn.pitcher @ medimpact.com


> -----Original Message-----
> From: KF (lists) [mailto:kf_lists@...italmunition.com] 
> Sent: Saturday, July 02, 2005 5:29 PM
> To: full-disclosure@...ts.grok.org.uk
> Cc: Przemyslaw Frasunek; bugtraq@...urityfocus.com
> Subject: Re: [Full-disclosure] Solaris 9/10 ld.so fun
> 
> 
> Przemyslaw Frasunek wrote:
> 
> >Vulnerability was confirmed by Sun:
> >
> >http://sunsolve.sun.com/search/document.do?assetkey=1-26-101794-1
> >
> >There are still no patches available, but workaround was proposed.
> >
> >  
> >
> 
> Here is an exploit for Schillix using venglin's mojo.
> -KF
> 
> 

------------------------------------------------------------------------------
This transmission, together with any attachments, is intended only for the use of those to whom it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law.  If you are not the intended recipient, you are hereby notified that any distribution or copying of this transmission is strictly prohibited.  If you received this transmission in error, please notify the original sender immediately and delete this message, along with any attachments, from your computer.
==============================================================================

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ