Bug 23621 - SUID exploit gives root access
SUID exploit gives root access
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: perl (Show other bugs)
6.1
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Crutcher Dunnavant
David Lawrence
: Security
Depends On: 15641
Blocks:
  Show dependency treegraph
 
Reported: 2001-01-08 18:20 EST by flitcraft33
Modified: 2007-04-18 12:30 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-01-10 11:03:04 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
perl script that exploits suidperl or any suid file for that matter, ugh (4.51 KB, text/plain)
2001-01-08 18:34 EST, flitcraft33
no flags Details

  None (edit)
Description flitcraft33 2001-01-08 18:20:59 EST
An attack that runs a script that will give root access if the hacker 
knows any binary that is SUID. I have the scripts, the source and the 
email addresses of the guys from Brazil who cooked this one up. 

My first experience with Brazilian PERL and I hope my last. My system was 
totally compromised by this as it grants root access.

I tried to do the Bugzilla search and I hope I did it right. This exploit 
was done on the standard 6.1 install.

Dan Sichel
Comment 1 flitcraft33 2001-01-08 18:34:19 EST
Created attachment 7264 [details]
perl script that exploits suidperl or any suid file for that matter, ugh
Comment 2 Andrew Bartlett 2001-01-10 03:37:41 EST
See bug 15630, and the RedHat advirory at
http://www.redhat.com/support/errata/RHSA-2000-048-03.html
Comment 3 flitcraft33 2001-01-10 11:02:59 EST
Note that script claims to work on ANY suid file, not just PERL. I have not 
tested this in any way shape or form however.
Comment 4 Pekka Savola 2001-01-10 13:36:31 EST
No, this is a standard exploit I have seen long since.  Nothing to do with Brazilian guys
except that they used your suidperl and passwd to get local root.

It cannot be used if your suidperl isn't setuid root, or has been updated, as per errata.

Note You need to log in before you can comment on or make changes to this bug.