Date: Sun, 11 Dec 2005 09:08:21 GMT From: Ph03n1X <king_purba@yahoo.co.uk> To: freebsd-gnats-submit@FreeBSD.org Subject: bin/90228: lokal rooting Message-ID: <200512110908.jBB98Lgr014740@www.freebsd.org> Resent-Message-ID: <200512110910.jBB9A3Ac057308@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 90228
>Category: bin
>Synopsis: lokal rooting
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Dec 11 09:10:03 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Ph03n1X
>Release: 6.0 releses
>Organization:
nightlogin gadjah mada university
>Environment:
FreeBSD student.te.ugm.ac.id 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Thu Nov 3 09:36:13 UTC 2005 root@x64.samsco.home:/usr/obj/usr/src/sys/GENERIC i386
>Description:
This is the vulneralability description :
$cat tes.c
main()
{
setuid(0);
setgid(0);
system("/bin/sh");
}
$su -
Password:
#gcc -o tes tes.c
#chmod +s tes
#exit
$id
uid=1228(shelda03) gid=1228(shelda03) groups=1228(shelda03)
$./tes
#id
uid=0(root) gid=0(wheel) groups=0(wheel), 1228(shelda03)
>How-To-Repeat:
I don't know
>Fix:
I don't know
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200512110908.jBB98Lgr014740>