[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] suid perl - 2 month old hazard

Subject: Re: [cobalt-users] suid perl - 2 month old hazard
From: flash22@xxxxxxx
Date: Tue Nov 13 09:39:10 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

On Tue, 13 Nov 2001, Arsalan Mahmud wrote:

> Hi,
>   Well I have been sitting on this for over a month now since we found it on one of our hacked raq3's (thank god it was not wiped out or 

> save as "xperl.sh" and run with "perl xperl.sh" from a command prompt to get root..

> If you think i was wrong of me to send this ...  
  well if our security can be compromised, it can be yours...

Probably doesn't matter, this one has been floating around for a bit, it's
on the security pages as xperl.sh ;0

Needs perl 5.00503 or lower ... does the raq even need suidperl for
anything?

It also exploits /bin/mail, go figure

gsh

References:
- [cobalt-users] suid perl - 2 month old hazard
  - From: Arsalan Mahmud

Prev by Date: [cobalt-users] PHP upgrade on raq3??:wq
Next by Date: Re: [cobalt-users] RaQ2 emergency help
Previous by thread: [cobalt-users] suid perl - 2 month old hazard
Next by thread: Re: [cobalt-users] suid perl - 2 month old hazard

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index