ex_inc.c exploits a bounds checking error in /usr/jp/bin/mh/inc which was distributed with the mh-6.8.3 package. Local root compromise.
64f2aa455cd466403bc433552e384ce9c8e0ca9b98c3b17c61c9298a5606d3eaex_bbc.c exploits a bounds checking error in /usr/jp/bin/mh/bbc which was distributed with the mh-6.8.3 package. Local root compromise.
473ed7b2b606ac73b513d39a31d17c1a0273bb06e15e9331e35c648649c833b8kcms_configure has a overflow bug with "-P" option and it has been reported(107339-01). But this program has another hole. This hole has not been not reported, and the paches are not published at this time. kcms_configure overflows if long string is specified in NETPATH environment, and it is exploitable. I have included an exploit for Solaris7 intel edition to obtain root privilege.
ea0a516a062e19771e9d6d970e1a6bd9a1fc9ee7ecf921fcb1848a66309b1ef1The vulnerability in kcms_configure also exists in Solaris 2.6 and 2.7 sparc edition. Exploit included.
ddad8f87f48eb849bc4bf6f56910e4be16715ce9dec57022ab5c00f69f2c1712The mailer programs (mailtool and dtmail) and mail message print filter (dtmailpr) which are installed on Solaris7 have exploitable buffer overflow bugs. These programs are sgid (mail group) programs, local user can obtain mail group. The mail files are generated with 660 permission, so any user can read/write other user's mail files. I coded the exploits to get mail gid(egid=6). There are for Intel Solaris7. There are same kind of problems on Sparc Solaris7 and Solaris2.6 (Intel,Sparc).
e92d0a93449cedf9a5f2e97de3948d9c6e4f86ade92541e2bae6d0f02e99dcf4Admintool local root exploit for Solaris2.6/7 Sparc machines.
b69c9cefb259fec08d07e73ec2112aafb9dd38c3c3df8295a4ee405733e2666dLocal root exploit code for buffer overflow in canuum for Japanese Linux.
fd52577360eeaf28add4cfb979dda4918874e018bf645981ba365c5ede4420e4Exploit code for Solaris 2.6, 2.7 (sparc) libc/LC_MESSAGES buffer overflow that results in root compromise.
d3475dfd6a18d0ea0ebae341315790632e0506dde74ffd73896455098c786437Local root exploit for buffer overflow condition in sdtcm_convert, for Solaris Sparc machines.
a0d7c588f719baff069310b8f91c793cc31be84e8863b2e4edbb769adf0abb05Local root exploit for buffer overflow condition in sdtcm_convert, for Solaris x86 machines.
1764caeacfb6acc3fbe32be85482da92a8fdec180449b4136f92d8edfbfc3228Local root exploit code for buffer overflow in uum for Japanese Linux.
6883ef84c1d928fa1e9805d6ee8cd081c57968245eace2e2072ea8083a28edcc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed