Date:      Sun, 20 Apr 1997 09:15:25 -0700
From:      Cy Schubert <cy@cwsys.cwent.com>
To:        igor@alecto.physics.uiuc.edu (Igor Roshchin)
Cc:        Freebsd-security@freebsd.org, cschuber@uumail.gov.bc.ca
Subject:   Re: Buffer overflow in sperl5.003 (fwd) -- Is this relevant to FreeBSD ? 
Message-ID:  <199704201615.JAA11910@cwsys.cwent.com>
In-Reply-To: Your message of "Thu, 17 Apr 1997 23:02:07 CDT." <199704180402.XAA11899@alecto.physics.uiuc.edu> 

On one of my 2.1.6 systems at home, all I got was segmentation violations
and bus errors, meaning if the right offset was used this exploit would
work.  Since sperl5.003 doesn't work on 2.1.x systems you're better off
deleting the binary.


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
UNIX Support                   OV/VM:  BCSC02(CSCHUBER)
ITSD                          BITNET:  CSCHUBER@BCSC02.BITNET
Government of BC            Internet:  cschuber@uumail.gov.bc.ca
                                       cschuber@bcsc02.gov.bc.ca

		"Quit spooling around, JES do it."
> Hello!
> 
> Does anybody know if this hole exists on FreeBSD ?
> 
> Thanks!
> 
> IgoR
> 
> Forwarded message:
> >From owner-bugtraq@NETSPACE.ORG  Thu Apr 17 19:40:09 1997
> Approved-By: aleph1@UNDERGROUND.ORG
> MIME-Version: 1.0
> Content-Type: MULTIPART/MIXED; BOUNDARY="-242971389-615984271-861311469=:24662"
> Message-ID: <Pine.LNX.3.96.970417140348.24662A-101000@cray1.ecst.csuchico.edu>
> Date: 	Thu, 17 Apr 1997 14:11:09 -0700
> Reply-To: Murphy <jtmurphy@CRAY1.ECST.CSUCHICO.EDU>
> Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
> From: Murphy <jtmurphy@CRAY1.ECST.CSUCHICO.EDU>
> Subject:      Buffer overflow in sperl5.003
> To: BUGTRAQ@NETSPACE.ORG
> 
>   This message is in MIME format.  The first part should be readable text,
>   while the remaining parts are likely unreadable without MIME-aware tools.
>   Send mail to mime@docserver.cac.washington.edu for more info.
> 
> ---242971389-615984271-861311469=:24662
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> 
> 
>  It came to my attention that there is a buffer overflow bug in
> sperl5.003 that will allow local users to gain root access, if SUID root.
>  The exploit and bug were made and brought to my attention by Willy Tarreau
> (tarreau@aemiaif.ibp.fr).
>  Attached is the source for the exploit. Since it requires some work to
> be done to the compiled exploit (Stripping of 5 bytes at the beginning and
> end of the binary), the precompiled Linux x86 exploit can be found at
> http://www.ecst.csuchico.edu/~jtmurphy/localusers.html.
> 
> PS. Have a nice day.
> 
> --
> ----------------------------------------------------------------------------
> Jason T. Murphy |  Finger for PGP Public Key  | jtmurphy@ecst.csuchico.edu
>   The Linux Security Home Page -> http://www.ecst.csuchico.edu/~jtmurphy
> Security buff, Linux Freak, PC Tech @ Chico State, and all around nice guy.
> 
> ---242971389-615984271-861311469=:24662
> Content-Type: APPLICATION/octet-stream; name="sperlexp.tgz"
> Content-Transfer-Encoding: BASE64
> Content-ID: <Pine.LNX.3.96.970417141109.24662B@cray1.ecst.csuchico.edu>
> Content-Description:
> 
> ---242971389-615984271-861311469=:24662--
> 
> 
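
The mitigation discussed in this thread, as an added example that is not part of the original messages: locate copies of sperl that are still setuid and clear the bit, a reversible alternative to deleting the binary. The function names, the `suidperl` file name and the directories in the usage comment are assumptions, not taken from the thread.

```shell
#!/bin/sh
# Added example: audit for setuid copies of sperl and neutralise them.
# Function names are hypothetical; adjust the name patterns to your install.

# Print regular files named sperl* or suidperl under the given directories
# that still carry the setuid bit (the precondition named in the advisory).
find_setuid_sperl() {
    find "$@" -type f \( -name 'sperl*' -o -name 'suidperl' \) \
        -perm -4000 -print 2>/dev/null
}

# Clear setuid/setgid on every match and report each path changed.
# Files that do not match the name patterns are left untouched.
strip_setuid_sperl() {
    find_setuid_sperl "$@" | while IFS= read -r f; do
        chmod u-s,g-s "$f" && printf 'cleared: %s\n' "$f"
    done
}

# Typical use (directories are assumptions about where perl is installed):
#   find_setuid_sperl  /usr/bin /usr/local/bin
#   strip_setuid_sperl /usr/bin /usr/local/bin
```

Run the listing function first and review its output before clearing anything; re-run it afterwards to confirm nothing is left.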



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199704201615.JAA11910>