[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1830E3E7BB613147A6379B2F61B9EA891CF32803@mail.medimpact.com>
Date: Tue Jul 5 22:21:26 2005
From: Glenn.Pitcher at MedImpact.com (Glenn Pitcher)
Subject: Solaris 9/10 ld.so fun
I compiled it using Workshop 10 and it doesn't give me root. I'm on Solaris
9 w/ 112963-18. Also tried using this on a Solaris 8 box and got the same
results.
bash-2.05$ !cc
cc -xarch=v8plus -xcode=pic32 -G -o /tmp/Schily-Root.so /tmp/Schily-Root.c
bash-2.05$ !export
export LD_AUDIT=/tmp/Schily-Root.so
bash-2.05$ su -
ld.so.1: su: warning: la_version: can't find symbol
ld.so.1: su: warning: /tmp/Schily-Root.so: audit initialization failure:
disabled
---
Glenn Pitcher
IT Security
MedImpact Healthcare Systems
San Diego, CA
858-790-7479
glenn.pitcher @ medimpact.com
> -----Original Message-----
> From: KF (lists) [mailto:kf_lists@...italmunition.com]
> Sent: Saturday, July 02, 2005 5:29 PM
> To: full-disclosure@...ts.grok.org.uk
> Cc: Przemyslaw Frasunek; bugtraq@...urityfocus.com
> Subject: Re: [Full-disclosure] Solaris 9/10 ld.so fun
>
>
> Przemyslaw Frasunek wrote:
>
> >Vulnerability was confirmed by Sun:
> >
> >http://sunsolve.sun.com/search/document.do?assetkey=1-26-101794-1
> >
> >There are still no patches available, but workaround was proposed.
> >
> >
> >
>
> Here is an exploit for Schillix using venglin's mojo.
> -KF
>
>
------------------------------------------------------------------------------
This transmission, together with any attachments, is intended only for the use of those to whom it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any distribution or copying of this transmission is strictly prohibited. If you received this transmission in error, please notify the original sender immediately and delete this message, along with any attachments, from your computer.
==============================================================================
Powered by blists - more mailing lists