Date:      Thu, 12 Jul 2001 15:13:38 -0500
From:      jamie rishaw <jamie@playboy.com>
To:        alexus <ml@db.nexgen.com>
Cc:        Gabriel Rocha <grocha@geeksimplex.org>, Mike Tancsa <mike@sentex.net>, security@freebsd.org
Subject:   Re: FreeBSD 4.3 local root
Message-ID:  <20010712151338.G14782@playboy.com>
In-Reply-To: <001801c10b0e$1976d370$97625c42@alexus>; from ml@db.nexgen.com on Thu, Jul 12, 2001 at 04:06:12PM -0400
References:  <001f01c10af7$9b42f120$97625c42@alexus> <5.1.0.14.0.20010712132715.035c48a0@marble.sentex.ca> <001801c10b0e$1976d370$97625c42@alexus>


No offense, guys, but I'm sure a lot of us have better things to do than
to read status reports from people across the Internet on whether or not
an exploit worked for them.

Patch your systems.  Maintain security.  Don't add untrusted users.

Best regards..

/jr

On Thu, Jul 12, 2001 at 04:06:12PM -0400, alexus wrote:
> doesn't work for me on 4.2R
> 
> ----- Original Message -----
> From: "Mike Tancsa" <mike@sentex.net>
> To: "Gabriel Rocha" <grocha@geeksimplex.org>
> Cc: <security@freebsd.org>
> Sent: Thursday, July 12, 2001 1:28 PM
> Subject: Re: FreeBSD 4.3 local root
> 
> 
> >
> > Is the program called vv or a.out ?
> >
> > As a non priv user, try this
> >
> > cp /bin/sh /tmp/sh
> > gcc exploitcode.c -o vv
> > ./vv
> >
> >
> >          ---Mike
> >
> >
> > At 01:29 PM 7/12/01 -0400, Gabriel Rocha wrote:
> > >couple of points:
> > >         1-It does not work for me;
> > >
> > >                 FreeBSD lorax.neutraldomain.org 4.3-RELEASE FreeBSD
> > >                 4.3-RELEASE #0: Sat Jun 23 01:52:58 PDT 2001
> > >                 root@lorax.neutraldomain.org:/usr/src/sys/compile/lorax
> > >                 i386
> > >
> > >         2-At first I tried it with /tmp mounted no-exec (that's what I
> > >         have in fstab) I thought that was why the exploit didn't work,
> > >         remounted /tmp without the no-exec flag and tried again. It
> > >         still does not work, it hangs for hours on end, this last
> > >         iteration has been running for a couple days now and nothing has
> > >         come of it.
> > >
> > >Ideas on why it doesn't work? --gabe
> > >
> > >
> > >,----[ On Thu, Jul 12, at 01:25PM, alexus wrote: ]--------------
> > >| is there any fix for that?
> > >|
> > >| > > about how long does the exploit run before giving you a root shell?
> > >| >
> > >| > Immediately. Shellcode calls /tmp/sh, not /bin/sh, so copy it to /tmp.
> > >`----[ End Quote ]---------------------------
> > >
> > >--
> > >
> > >"It's not brave if you're not scared."
> > >
> > >To Unsubscribe: send mail to majordomo@FreeBSD.org
> > >with "unsubscribe freebsd-security" in the body of the message
> >
> >
> >
> 
> 

-- 
jamie rishaw <jamie@playboy.com>
sr. wan/unix engineer/ninja // playboy enterprises inc.
opinions stated are mine, and are not necessarily those of the bunny.
dance like it hurts. love like you need money. work when people are watching.
