Date:      Thu, 12 Jul 2001 10:42:20 -0700
From:      Jason DiCioccio <jdicioccio@epylon.com>
To:        'serkoon' <serkoon@thedarkside.nl>, security@freebsd.org
Subject:   RE: FreeBSD 4.3 local root
Message-ID:  <657B20E93E93D4118F9700D0B73CE3EA02FFEFBA@goofy.epylon.lan>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hmm.. I used /bin/sh in both cases and for some reason a.out did not
work as a binary name for me.  I have seen other reports of this
too.. But I guess judging by the code that doesn't really make much
sense.. ;).. Ah well, I still know I'm not the only one who had that
problem :)


- -------
Jason DiCioccio
Evil Genius
Unix BOFH

- -----Original Message-----
From: serkoon [mailto:serkoon@thedarkside.nl]
Sent: Thursday, July 12, 2001 10:40 AM
To: security@freebsd.org
Subject: Re: FreeBSD 4.3 local root


Somebody said something somewhere:

> is the binary named 'vv' ?
> 
> It has to be.

The binary doesn't need to be named 'vv', that's bull. 

However.. there are several reports (myself included)
of people not being able to successfully run the exploit
because of the used shell. Normally I use bash (2.05.?),
but somebody told me he could successfully exploit
the bug using Midnight Commander, so I tried that.

It worked for me. So I did a bit of thinking and executed
/bin/sh. That was what was needed to run the exploit
successfully. No need to change the exploit code
or build it as 'vv', just use /bin/sh as shell.

Regards.. 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>;

iQA/AwUBO03iVVCmU62pemyaEQKPagCfan/tLtDjmnyVgQhPiZOrzczZI7YAn1FH
PiJVdhUfq3BMwFP2FJcTjV0A
=Gb43
-----END PGP SIGNATURE-----
