Date: Thu, 12 Jul 2001 16:06:12 -0400 From: "alexus" <ml@db.nexgen.com> To: "Gabriel Rocha" <grocha@geeksimplex.org>, "Mike Tancsa" <mike@sentex.net> Cc: <security@freebsd.org> Subject: Re: FreeBSD 4.3 local root Message-ID: <001801c10b0e$1976d370$97625c42@alexus> References: <001f01c10af7$9b42f120$97625c42@alexus> <5.1.0.14.0.20010712132715.035c48a0@marble.sentex.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
doesn't work for me on 4.2R ----- Original Message ----- From: "Mike Tancsa" <mike@sentex.net> To: "Gabriel Rocha" <grocha@geeksimplex.org> Cc: <security@freebsd.org> Sent: Thursday, July 12, 2001 1:28 PM Subject: Re: FreeBSD 4.3 local root > > Is the program called vv or a.out ? > > As a non priv user, try this > > cp /bin/sh /tmp/sh > gcc exploitcode.c -o vv > ./vv > > > ---Mike > > > At 01:29 PM 7/12/01 -0400, Gabriel Rocha wrote: > >couple of points: > > 1-It does not work for me; > > > > FreeBSD lorax.neutraldomain.org 4.3-RELEASE FreeBSD > > 4.3-RELEASE #0: Sat Jun 23 01:52:58 PDT 2001 > > root@lorax.neutraldomain.org:/usr/src/sys/compile/lorax > > i386 > > > > 2-At first I tried it with /tmp mounted no-exec (thats what i > > have in fstab) I thought that was why the exploit didnt work, > > remounted /tmp without the no-exec flag and tried again. It > > still does not work, it hangs for hours on end, this last > > iteration has been running for a couple days now and nothing has > > come of it. > > > >Ideas on why it doesnt work? --gabe > > > > > >,----[ On Thu, Jul 12, at 01:25PM, alexus wrote: ]-------------- > >| is there any fix for that? > >| > >| > > about how long does the exploit run before giving you a root shell? > >| > > >| > Immediately. Shellcode calls /tmp/sh, not /bin/sh, so copy it to /tmp. > >`----[ End Quote ]--------------------------- > > > >-- > > > >"It's not brave if you're not scared." > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-security" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001801c10b0e$1976d370$97625c42>