From owner-freebsd-questions Sun Apr 2 19:31:16 2000
Date: Sun, 2 Apr 2000 22:31:07 -0400
From: "Crist J. Clark"
To: Benedict Hadiono
Cc: "Joseph McLeod ", freebsd-questions@FreeBSD.ORG
Subject: Re: 3.3-RELEASE --- procfs hole
Message-ID: <20000402223107.A33106@cc942873-a.ewndsr1.nj.home.com>
Reply-To: cjclark@home.com
References: <20000403012205.23613.qmail@web4204.mail.yahoo.com>
In-Reply-To: <20000403012205.23613.qmail@web4204.mail.yahoo.com>; from hbenedict_fbsd@yahoo.com on Sun, Apr 02, 2000 at 06:22:05PM -0700

On Sun, Apr 02, 2000 at 06:22:05PM -0700, Benedict Hadiono wrote:
> Joseph,
>
> I wonder if 3.4-STABLE has fixed the problem.

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:02.procfs.asc

> --- "Joseph McLeod " wrote:
> >
> > On Sun, 2 Apr 2000, Benedict Hadiono wrote:
> >
> > > Joseph,
> > >
> > > Thank you for your information on this error.
> > > Can you please elaborate on what damage/risks this
> > > problem can practically cause?
> >
> > Well, someone gave me an account on their FreeBSD 3.3-RELEASE box to test
> > their security. While searching packetstorm for FreeBSD exploits, I found a
> > procfs bug, similar to a procfs bug that was in fbsd 2.1.x, or at least I
> > believe so. I was able to root the box with a little modification of the
> > code and a simple command after that. For it to work (since it's only a
> > local exploit), it would have to be a user of yours that's on the box, or
> > you would have to have another remotely exploitable piece of software that
> > the attacker could use to get a shell, then he could use the local exploit
> > to gain root access.
> >
> > Here is a link with a lot more information:
> >
> > http://packetstorm.securify.com/0001-exploits/procfs4.htm
> >
> > > For us to upgrade to 3.4-Stable is not an easy job
> > > since we have the system already in
> > > production/operation.
> > >
> > > Thanks again and look forward to your further info.
> > >
> > > rgds,
> > > Benny
> > >
> > > --- "Joseph McLeod " wrote:
> > > > hey, I noticed you said you were running fbsd 3.3-RELEASE, you may
> > > > already know this, but there is a procfs hole in the version. It's a
> > > > local exploit, but all the same, I figured you might wanna know. I
> > > > guess you could either umount /proc or upgrade to 3.4-STABLE, which
> > > > doesn't seem to be affected (or at least not with the same exploit
> > > > code).

--
Crist J. Clark                           cjclark@home.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
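
An added example, not part of the thread or of FreeBSD's own tooling: the workaround mentioned above is to unmount /proc, but an unmount lasts only until the next boot if /etc/fstab still lists procfs. This sh script classifies a host from `mount` output and fstab text; the sample inputs are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: is procfs mounted now, and would /etc/fstab remount it at boot?
# Function names are hypothetical; sample inputs below are constructed.

# Print mount points of type procfs from `mount`-style output on stdin.
# Assumed line format: "procfs on /proc (procfs, local)".
procfs_mounted() {
    awk '$2 == "on" && $4 ~ /^\(procfs[,)]/ { print $3 }'
}

# Print mount points of active (uncommented) procfs entries in fstab text.
# fstab columns: device, mount point, fstype, options, dump, pass.
procfs_in_fstab() {
    awk '$1 !~ /^#/ && $3 == "procfs" { print $2 }'
}

# Combine both views into a one-word status.
# $1 = mount output, $2 = fstab text
procfs_status() {
    live=$(printf '%s\n' "$1" | procfs_mounted)
    boot=$(printf '%s\n' "$2" | procfs_in_fstab)
    if [ -n "$live" ] && [ -n "$boot" ]; then echo "mounted-persistent"
    elif [ -n "$live" ]; then echo "mounted-now-only"
    elif [ -n "$boot" ]; then echo "returns-at-boot"
    else echo "absent"
    fi
}

# Constructed sample: procfs mounted and listed in fstab.
SAMPLE_MOUNT='/dev/wd0s1a on / (ufs, local)
procfs on /proc (procfs, local)'
SAMPLE_FSTAB='/dev/wd0s1a  /      ufs     rw  1 1
proc         /proc  procfs  rw  0 0'
# Constructed sample: fstab entry commented out.
SAMPLE_FSTAB_OFF='/dev/wd0s1a  /      ufs     rw  1 1
#proc        /proc  procfs  rw  0 0'

# On a live host: procfs_status "$(mount)" "$(cat /etc/fstab)"
```

A result of `returns-at-boot` means /proc was unmounted by hand but the fstab entry will bring it back after a reboot.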