[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] suid perl - 2 month old hazard]
- Subject: Re: [cobalt-users] suid perl - 2 month old hazard]
- From: Jeff Lovell <jlovell@xxxxxxx>
- Date: Tue Nov 13 11:03:22 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Tue, 2001-11-13 at 08:12, Arsalan Mahmud wrote:
> Hi,
> Well I have been sitting on this for over a month now since we found it on one of our hacked raq3's (thank god it was not wiped out or
> tampered with), it works on all the raq3's we had and i guess this is the best way to get a patch out since upgrading the perl version just
> makes a mess of the cobalt frontend and a mail to cobalt dident get any responces for over 3 weeks now and not to forget, if it upgeade
> the server software from the comand prompt, the warenty goes viod.....
Thanks for bringing up this exploit, it is actually quite old (older
than two months), and you can get great details on it from
SecurityFocus.com (http://www.securityfocus.com/archive/1/74168 -
8.5.2000)
For this exploit to work, you need to have /usr/bin/suidperl setuid. We
do not ship suidperl setuid. We do ship the binary, but purposely
removed the suid bit on the program because it was not needed. This
exploit will not work unless you have changed permissions on the
suidperl binary.
I am curious about the communication problem as well. I would like to
know who you sent the email to, because regardless of the exploitable
nature of this issue, I am kept informed of these issues. The correct
address to send security issues to is (security@xxxxxxxxxx).
[exploit snipped]
Jeff
--
Jeff Lovell
Sun Microsystems Inc.