Atro Tossavainen <[EMAIL PROTECTED]> writes:
> > I tested the exploit against a current IRIX release (6.5.11) and found
> > it not to be vulnerable.
>
> How exactly did you find 6.5.11 not to be vulnerable?
>
> I tried the sploit on 6.5.10 and didn't get root. It complained about
> the lack of the ListAllPrinters symbol.
>
> Add the symbol in the sploit code, recompile, try again. 6.5.10 is
> vulnerable, is 6.5.11?

I'd be interested in seeing what symbol you added: here's a test on
6.5.5:

mybox 27% uname -R
6.5 6.5.5m
mybox 28% id
uid=45731(dsouth) gid=40
mybox 29% ./xnetprint /bin/sh
[(IRIX)netprint[] local root exploit, by: v9[[EMAIL PROTECTED]]. ]
[*] making symbols source file for netprint to execute.
[*] done, now compiling symbols source file.
[*] done, now checking to see if the symbols source compiled.
[*] done, now executing netprint.
netprint: this command for use only by LP Administrators
mybox 30% id
uid=45731(dsouth) gid=40

If I run the above as root, I do get the complaint about a missing
ListAllPrinters symbol, but requiring root seems a bit
counter-productive for a sploit. ;-)

--
/* Dale Southard Jr. [EMAIL PROTECTED] 925-422-1463 */
/* Computer Scientist, Accelerated Strategic Computing Initiative */
/* L-550, Lawrence Livermore National Lab, Livermore CA 94551 */
/* AFF/I, SL/I, T/I, D-11216, Sr. Rig --- I'd rather be skydiving */