[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] suid perl - 2 month old hazard

Subject: Re: [cobalt-users] suid perl - 2 month old hazard
From: "Arsalan Mahmud" <arsalan@xxxxxxxxxxxx>
Date: Wed Nov 14 03:10:58 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

*lol*

yeah its old, but wheres its fix from cobalt? 

> On Tue, 13 Nov 2001, Arsalan Mahmud wrote:
> 
> > Hi,
> >   Well I have been sitting on this for over a month now since we 
found it on one of our hacked raq3's (thank god it was not wiped out or 
> 
> > save as "xperl.sh" and run with "perl xperl.sh" from a command 
prompt to get root..
> 
> > If you think i was wrong of me to send this ...  
>   well if our security can be compromised, it can be yours...
> 
> Probably doesn't matter, this one has been floating around for a bit, 
it's
> on the security pages as xperl.sh ;0
> 
> Needs perl 5.00503 or lower ... does the raq even need suidperl for
> anything?
> 
> It also exploits /bin/mail, go figure
> 
> gsh
> 
> 
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
> 
> 

-- 
Arsalan Mahmud
Nexus Technologies
http://www.nexus.net.pk

Follow-Ups:
- RE: [cobalt-users] suid perl - 2 month old hazard
  - From: Dan Kriwitsky

Prev by Date: [cobalt-users] IMAP & SSL
Next by Date: Re: [cobalt-users] Qube 3 - How to stop spam?
Previous by thread: Re: [cobalt-users] suid perl - 2 month old hazard
Next by thread: RE: [cobalt-users] suid perl - 2 month old hazard

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index