[cobalt-users] suid perl - 2 month old hazard
- Subject: [cobalt-users] suid perl - 2 month old hazard
- From: Barbara - <thebizworkers@xxxxxxxxx>
- Date: Tue Nov 13 15:09:04 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
>For this exploit to work, you need
>to have /usr/bin/suidperl setuid.
>We do not ship suidperl setuid. We do
>ship the binary, but purposely removed
>the suid bit on the program because it
>was not needed. This exploit will not
>work unless you have changed permissions
>on the suidperl binary.
Okay now, correct me if I'm wrong, but on my RaQ's,
SUID **IS** set on this file by default:
-rws--x--x 2 root root 517916 Apr 6 1999 suidperl
It was my understanding that any file with the 's' in
the permission mode of the binary (-rws--x--x) is
built with the SUID bit set to *ON* -and- usually
removing the SUID bit on a binary will almost
certainly always break something.
This poster noted that they found this exploit on a
hacked RaQ3 and stated "it works on all the raq3's we
had". So I got nosey and checked my boxes and found
that *YES* indeed SUID bit *IS* set on this file by
default.
I have not installed ANY software on ANY of these
machines short of all Cobalt patches and the Neomail
pkg and a firewall - not even so much as PHP and/or
MySQL - all clean machines right out of the shipping
box.
So...
1) Are these boxes indeed vulnerable to this exploit
or not?
2) Doesn't one need command line to run this exploit?
Barb
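
Added example, not part of the original post and not Cobalt's code: a shell script for the check discussed in this message. It decodes the owner-execute slot of an `ls -l` mode string such as the `-rws--x--x` quoted above, tests a file's setuid bit directly, and lists setuid files under a directory. The function names are hypothetical, and the path to audit is passed as an argument.

```shell
#!/bin/sh
# Added example: function names are illustrative, not from any vendor tool.

# Classify a 10-character `ls -l` mode string by its owner-execute slot
# (character 4): "s" = setuid + owner execute, "S" = setuid without
# owner execute, anything else = setuid not set.
setuid_state() {
    owner_x=$(printf '%s' "$1" | cut -c4)
    case $owner_x in
        s) echo "setuid" ;;
        S) echo "setuid-noexec" ;;
        *) echo "none" ;;
    esac
}

# Return 0 if $1 is a regular file whose setuid bit is currently set.
file_is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# Print every regular file under directory $1 with the setuid bit set,
# staying on one filesystem.
list_setuid() {
    find "$1" -xdev -type f -perm -4000 -print 2>/dev/null
}

# Report on a single path, e.g. the suidperl binary discussed above.
report() {
    if [ ! -e "$1" ]; then
        echo "$1: not present"
        return 2
    fi
    if file_is_setuid "$1"; then
        echo "$1: setuid bit SET, mode $(ls -ld "$1" | cut -c1-10)"
        return 0
    fi
    echo "$1: setuid bit not set"
    return 1
}

# Stand-alone use: sh script.sh /usr/bin/suidperl
if [ "$#" -gt 0 ]; then
    report "$1"
fi
```

If the bit is set and not wanted, `chmod u-s` on the file clears it; rerun the report afterwards to confirm.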