|
Bugtraq
mailing list archives
Re: Solaris 7 x86 lpset exploit.
From: jor () FM RZ FH-MUENCHEN DE (Jor)
Date: Thu, 27 Apr 2000 09:36:54 +0200
On Wed, Apr 26, 2000 at 03:51:19PM -0400, Andrew Brown wrote:
There is a sparc version avail for this bug, the bug was discovered by
duke some time ago.
just for people who don't know...or have forgotten...putting this:
set noexec_user_stack = 1
set noexec_user_stack_log = 1
in your /etc/system file protects you against this. it doesn't fix
the bug, but it stops the effects from being quite so "bad".
And for all those who cannot afford to reboot their servers very often,
but want the same protection:
echo "noexec_user_stack/W 0x1" | adb -wk /dev/ksyms /dev/mem
echo "noexec_user_stack_log/W 0x1" | adb -wk /dev/ksyms /dev/mem
This will change the running kernel. (i.e. no reboot required)
but dont forget to put the above lines in yout /etc/system ;)
another note: while this seem to have very litle negative effect
on all solaris/sparc app's i have used so far, there is a reason,
why SUN does enable stack execution by default, if i am correctly
informed this is due to some fortran or rare/old compiler issue,
and might break some fortran or other alien language code...
Thats probably what the second line (noexec_user_stack_log) is
for, to see in your kernel-log's when this caused a program to fail.
So, first try this out on a test machine before doing it on the
production machine!
hoever, the echo ... |adb methode can be used to switch back
to original operation w/o reboot ;)
i hope this helps some...
Juergen
--
Juergen P. Meier email: jpm () class de
Class GmbH Firmengruppe phone: +49 172 8379103
 By Date 
By Thread
Current thread:
SECURITY: [RHSA-2000:014-10] Updated piranha packages available Cristian Gafton (Apr 24)
FreeBSD Security Advisory: FreeBSD-SA-00:14.imap-uw FreeBSD Security Officer (Apr 24)
FreeBSD Security Advisory: FreeBSD-SA-00:15.imap-uw FreeBSD Security Officer (Apr 24)
piranha default password/exploit Max Vision (Apr 24)
|
Intro
