Re: More fun with Solaris and network config ioctls

Davin Milun (milun@CS.BUFFALO.EDU)
Tue, 12 Aug 1997 09:29:47 -0400

>From owner-bugtraq@NETSPACE.ORG Tue Aug 12 07:45 EDT 1997
>Date: Thu, 7 Aug 1997 15:57:45 +0100
>From: Alan Cox <alan@CYMRU.NET>
>Subject: More fun with Solaris and network config ioctls
>To: BUGTRAQ@NETSPACE.ORG
>
>Bored of downing interfaces, ever wondered what else you could do with the
>year-old Solaris hole? Well, since I've seen no great sign of life from Sun
>let's do a little bit of demonstrating

As I reported to bugtraq on July 3, Patch 103093-13 (Solaris 2.5 SPARC)
fixes (among others) this problem:
1238582 privileged ifconfig ioctls by normal user succeed on sockets created as root

And your current exploit does not work on a Solaris 2.5 system with
103093-13 (or later) applied.

However, there does not seem to be an equivalent fix for Solaris 2.5.1!!

Davin.

--
Davin Milun    Internet:  milun@cs.Buffalo.EDU     milun@acm.org
               Fax:       (716) 645-3464
               WWW:       http://www.cs.buffalo.edu/~milun/
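
Added example (not part of the original post): a shell check an administrator could use to see whether a host is at the patch level named above. It assumes `showrev -p` prints one `Patch: <id>-<rev> ...` line per installed patch, that `uname -r` reports `5.5` on Solaris 2.5, and that `uname -p` reports `sparc`; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads "showrev -p" style lines on stdin and succeeds if patch $1 is
# installed at revision $2 or later.
# Note: on old Solaris, use nawk (the stock awk lacks -v).
patch_at_least() {
    awk -v base="$1" -v min="$2" '
        $1 == "Patch:" {
            n = split($2, id, "-")
            # Match the exact patch base, compare revisions numerically.
            if (n == 2 && id[1] == base && id[2] + 0 >= min + 0) found = 1
        }
        END { exit !found }
    '
}

# $1 = output of "uname -r", $2 = output of "uname -p",
# stdin = output of "showrev -p".
# Only Solaris 2.5 SPARC has a fix named in the post.
ioctl_fix_status() {
    case "$1:$2" in
        5.5:sparc)
            if patch_at_least 103093 13; then
                echo patched
            else
                echo unpatched
            fi ;;
        *)
            echo no-fix-listed ;;
    esac
}

# Constructed sample input (patch 999999 is a made-up neighbour entry).
sample_patched() {
    printf '%s\n' \
        'Patch: 999999-20 Obsoletes:  Packages: SUNWcsu' \
        'Patch: 103093-14 Obsoletes:  Packages: SUNWcsu, SUNWcsr'
}
sample_unpatched() {
    printf '%s\n' \
        'Patch: 999999-20 Obsoletes:  Packages: SUNWcsu' \
        'Patch: 103093-09 Obsoletes:  Packages: SUNWcsu, SUNWcsr'
}

# On a live host: showrev -p | ioctl_fix_status "$(uname -r)" "$(uname -p)"
```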