From owner-freebsd-security  Thu Jul 12  9:29:28 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mailhost.freebsd.lublin.pl (mailhost.freebsd.lublin.pl [212.182.115.12])
	by hub.freebsd.org (Postfix) with ESMTP id 1415237B401
	for <security@FreeBSD.ORG>; Thu, 12 Jul 2001 09:29:25 -0700 (PDT)
	(envelope-from venglin@freebsd.lublin.pl)
Received: from clitoris (root@mailhost.freebsd.lublin.pl [212.182.115.12])
	by mailhost.freebsd.lublin.pl (8.11.4/8.11.4) with SMTP id f6CGQPr82635;
	Thu, 12 Jul 2001 18:26:26 +0200 (CEST)
	(envelope-from venglin@freebsd.lublin.pl)
Message-ID: <079e01c10aef$21fd1460$2001a8c0@clitoris>
From: "Przemyslaw Frasunek" <venglin@freebsd.lublin.pl>
To: "Gabriel Rocha" <grocha@geeksimplex.org>, <security@FreeBSD.ORG>
References: <20010712120706.B1020@geeksimplex.org>
Subject: Re: FreeBSD 4.3 local root
Date: Thu, 12 Jul 2001 18:24:28 +0200
Organization: babcia padlina ltd.
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

> about how long does the exploit run before giving you a root shell?

Immediately. Shellcode calls /tmp/sh, not /bin/sh, so copy it to /tmp.

-- 
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
* Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF *


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message