Date: Sun, 20 Apr 1997 09:15:25 -0700
From: Cy Schubert <cy@cwsys.cwent.com>
To: igor@alecto.physics.uiuc.edu (Igor Roshchin)
Cc: Freebsd-security@freebsd.org, cschuber@uumail.gov.bc.ca
Subject: Re: Buffer overflow in sperl5.003 (fwd) -- Is this relevant to FreeBSD ?
Message-ID: <199704201615.JAA11910@cwsys.cwent.com>
In-Reply-To: Your message of "Thu, 17 Apr 1997 23:02:07 CDT." <199704180402.XAA11899@alecto.physics.uiuc.edu>

On one of my 2.1.6 systems at home, all I got was segmentation violations
and bus errors, meaning if the right offset was used this exploit would
work. Since sperl5.003 doesn't work on 2.1.x systems you're better off
deleting the binary.

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
UNIX Support                   OV/VM:  BCSC02(CSCHUBER)
ITSD                          BITNET:  CSCHUBER@BCSC02.BITNET
Government of BC            Internet:  cschuber@uumail.gov.bc.ca
                                       cschuber@bcsc02.gov.bc.ca

                "Quit spooling around, JES do it."

> Hello!
>
> Does anybody know if this hole exists on FreeBSD ?
>
> Thanks!
>
> IgoR
>
> Forwarded message:
> >From owner-bugtraq@NETSPACE.ORG Thu Apr 17 19:40:09 1997
> Approved-By: aleph1@UNDERGROUND.ORG
> MIME-Version: 1.0
> Content-Type: MULTIPART/MIXED; BOUNDARY="-242971389-615984271-861311469=:24662"
> Message-ID: <Pine.LNX.3.96.970417140348.24662A-101000@cray1.ecst.csuchico.edu>
> Date: Thu, 17 Apr 1997 14:11:09 -0700
> Reply-To: Murphy <jtmurphy@CRAY1.ECST.CSUCHICO.EDU>
> Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
> From: Murphy <jtmurphy@CRAY1.ECST.CSUCHICO.EDU>
> Subject: Buffer overflow in sperl5.003
> To: BUGTRAQ@NETSPACE.ORG
>
> This message is in MIME format. The first part should be readable text,
> while the remaining parts are likely unreadable without MIME-aware tools.
> Send mail to mime@docserver.cac.washington.edu for more info.
>
> ---242971389-615984271-861311469=:24662
> Content-Type: TEXT/PLAIN; charset=US-ASCII
>
>
> It came to my attention that there is a buffer overflow bug in
> sperl5.003 that will allow local users gain root access, if SUID root.
> The exploit and bug was made and brought to my attention by Willy Tarreau
> (tarreau@aemiaif.ibp.fr).
> Attached is the source for the exploit. Since it requires some work to
> be done to the compiled exploit (Stripping of 5 byte at the beginning and
> end of the binary), the precompiled Linux x86 exploit can be found at
> http://www.ecst.csuchico.edu/~jtmurphy/localusers.html.
>
> PS. Have a nice a day.
>
> --
> ----------------------------------------------------------------------------
> Jason T. Murphy | Finger for PGP Public Key | jtmurphy@ecst.csuchico.edu
> The Linux Security Home Page -> http://www.ecst.csuchico.edu/~jtmurphy
> Security buff, Linux Freak, PC Tech @ Chico State, and all around nice guy.
>
> ---242971389-615984271-861311469=:24662
> Content-Type: APPLICATION/octet-stream; name="sperlexp.tgz"
> Content-Transfer-Encoding: BASE64
> Content-ID: <Pine.LNX.3.96.970417141109.24662B@cray1.ecst.csuchico.edu>
> Content-Description:
>
> ---242971389-615984271-861311469=:24662--
>
>
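
The reply above recommends deleting the set-uid sperl binary. As an added example (not part of the original message or of FreeBSD), these shell functions locate set-uid copies of the wrapper under given directories and clear the bit where deletion is not wanted; the function names and the sperl*/suidperl* name patterns are assumptions.

```shell
#!/bin/sh
# Added example: audit for set-uid copies of the Perl set-uid wrapper.
# The name patterns (sperl*, suidperl*) are assumptions about how the
# binary was installed; adjust them to match the local Perl build.

# find_suid_sperl DIR...
# Print the path of every regular file under DIR whose set-uid bit is
# set and whose name matches one of the wrapper patterns.
find_suid_sperl() {
    find "$@" -type f -perm -4000 \
        \( -name 'sperl*' -o -name 'suidperl*' \) -print 2>/dev/null
}

# strip_suid PATH
# Clear the set-uid bit and confirm it is really gone. This is the
# alternative to deleting the binary outright.
strip_suid() {
    chmod u-s "$1" && [ ! -u "$1" ]
}

# audit_sperl DIR...
# List each finding with numeric owner and mode (ls -ln) so that
# root-owned copies stand out. Returns 0 when clean, 1 otherwise.
audit_sperl() {
    found=$(find_suid_sperl "$@" || true)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found" | while IFS= read -r f; do
        ls -ln "$f"
    done
    return 1
}

# Typical use (directories are examples):
#   audit_sperl /usr/bin /usr/local/bin || echo "set-uid sperl present"
```
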