Date: Thu, 12 Jul 2001 10:32:10 -0700 From: Jason DiCioccio <jdicioccio@epylon.com> To: 'Gabriel Rocha' <grocha@geeksimplex.org>, security@FreeBSD.ORG Subject: RE: FreeBSD 4.3 local root Message-ID: <657B20E93E93D4118F9700D0B73CE3EA02FFEFB7@goofy.epylon.lan>
next in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 is the binary named 'vv' ? It has to be. Cheers, - -JD- - ------- Jason DiCioccio Evil Genius Unix BOFH - -----Original Message----- From: Gabriel Rocha [mailto:grocha@geeksimplex.org] Sent: Thursday, July 12, 2001 10:30 AM To: security@FreeBSD.ORG Subject: Re: FreeBSD 4.3 local root couple of points: 1-It does not work for me; FreeBSD lorax.neutraldomain.org 4.3-RELEASE FreeBSD 4.3-RELEASE #0: Sat Jun 23 01:52:58 PDT 2001 root@lorax.neutraldomain.org:/usr/src/sys/compile/lorax i386 2-At first I tried it with /tmp mounted no-exec (thats what i have in fstab) I thought that was why the exploit didnt work, remounted /tmp without the no-exec flag and tried again. It still does not work, it hangs for hours on end, this last iteration has been running for a couple days now and nothing has come of it. Ideas on why it doesnt work? --gabe ,----[ On Thu, Jul 12, at 01:25PM, alexus wrote: ]-------------- | is there any fix for that? | | > > about how long does the exploit run before giving you a root | > > shell? | > | > Immediately. Shellcode calls /tmp/sh, not /bin/sh, so copy it to | > /tmp. `----[ End Quote ]--------------------------- - -- "It's not brave if you're not scared." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>; iQA/AwUBO03f81CmU62pemyaEQKK+ACg78KAtTLhEGg0tbNps3PuXud24O8An24G 9WUueCJDnIhGpUzQkscnwrKM =Izj8 -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?657B20E93E93D4118F9700D0B73CE3EA02FFEFB7>