From owner-freebsd-security  Thu Jul 12 10:39:27 2001
Delivered-To: freebsd-security@freebsd.org
Received: from thedarkside.nl (cc31301-a.assen1.dr.nl.home.com [213.51.66.128])
	by hub.freebsd.org (Postfix) with ESMTP id 3ADCD37B401
	for <security@freebsd.org>; Thu, 12 Jul 2001 10:39:22 -0700 (PDT)
	(envelope-from serkoon@thedarkside.nl)
Received: (from root@localhost)
	by thedarkside.nl (?/8.9.3) id f6CHdKQ15298
	for security@freebsd.org; Thu, 12 Jul 2001 19:39:20 +0200 (CEST)
	(envelope-from serkoon@thedarkside.nl)
Received: from kilmarnock (kilmarnock [10.0.0.2])
	by thedarkside.nl (?/8.9.3av) with SMTP id f6CHdH415290
	for <security@FreeBSD.ORG>; Thu, 12 Jul 2001 19:39:17 +0200 (CEST)
	(envelope-from serkoon@thedarkside.nl)
Message-ID: <005701c10af9$bd7a7c20$0200000a@kilmarnock>
From: "serkoon" <serkoon@thedarkside.nl>
To: <security@freebsd.org>
References: <657B20E93E93D4118F9700D0B73CE3EA02FFEFB7@goofy.epylon.lan>
Subject: Re: FreeBSD 4.3 local root
Date: Thu, 12 Jul 2001 19:40:28 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
X-Virus-Scanned: by AMaViS perl-10
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Somebody said something somewhere:

> is the binary named 'vv' ?
> 
> It has to be.

The binary doesn't need to be named 'vv', that's bull. 

However.. there are several reports (myself included)
of people not being able to succesfully run the exploit
because of the used shell. Normally I use bash (2.05.?),
but somebody told me he could succesfully exploit
the bug using Midnight Commander, so I tried that. 

It worked for me. So I did a bit thinking and executed
/bin/sh. That was what was needed to run the exploit
successfully. No need to change the exploitcode
or build it as 'vv', just use /bin/sh as shell. 

Regards.. 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message