Re: More fun with Solaris and network config ioctls
Davin Milun (milun@CS.BUFFALO.EDU)
Tue, 12 Aug 1997 09:29:47 -0400
>From owner-bugtraq@NETSPACE.ORG Tue Aug 12 07:45 EDT 1997
>Date: Thu, 7 Aug 1997 15:57:45 +0100
>From: Alan Cox <alan@CYMRU.NET>
>Subject: More fun with Solaris and network config ioctls
>To: BUGTRAQ@NETSPACE.ORG
>
>Bored of downing interfaces, ever wondered what else you could do with the
>year old Solaris hole. Well since I've seen no great sign of life from Sun
>lets do a little bit of demonstrating
As I reported to bugtraq on July 3, Patch 103093-13 (Solaris 2.5 SPARC)
fixes (among others) this problem:
1238582 privileged ifconfig ioctls by normal user succeed on sockets created as root
And your current exploit does not work on a Solaris 2.5 system with
103093-13 (or later) applied.
However, there does not seem to be an equivalent fix for Solaris 2.5.1 !!
Davin.
--
Davin Milun Internet: milun@cs.Buffalo.EDU milun@acm.org
Fax: (716) 645-3464
WWW: http://www.cs.buffalo.edu/~milun/