Date: Thu, 31 Jul 1997 12:20:04 -0400 (EDT) From: Adam Shostack <adam@homeport.org> To: msmith@atrad.adelaide.edu.au (Michael Smith) Cc: gilbertp@videotron.com, security@FreeBSD.ORG Subject: Re: security hole in FreeBSD Message-ID: <199707311620.MAA27641@homeport.org> In-Reply-To: <199707310301.MAA25307@genesis.atrad.adelaide.edu.au> from Michael Smith at "Jul 31, 97 12:31:46 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Michael Smith wrote:
| Patrick Gilbert stands accused of saying:
| >
| > After a brief discussion with TheCa on Efnet, he dcc'd me his famous
| > exploit for a transcript of
| > his brief moment of fame on this discussion list.
|
| Oh, what a d00d.
|
| > execl("/usr/bin/sperl5.00403",
| > "/usr/bin/sperl5.00403", buf, NULL);
| > }
|
| This looks like a Linux exploit; there is no Perl5 in the FreeBSD tree, and
| if it were installed from the port/package it would be in /usr/local/bin.
This looks to me like a PERL5.004 exploit, not a linux exploit. Its
just that the egg is the linux egg, not the FreeBSD egg.
The egg code (nicely commented!) can be found in Leshka Zakharoff's
ppp or cron overflows.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199707311620.MAA27641>