From owner-freebsd-questions Sun Apr 2 18:22:19 2000 Delivered-To: freebsd-questions@freebsd.org Received: from web4204.mail.yahoo.com (web4204.mail.yahoo.com [216.115.104.137]) by hub.freebsd.org (Postfix) with SMTP id 09D5837BABD for ; Sun, 2 Apr 2000 18:22:10 -0700 (PDT) (envelope-from hbenedict_fbsd@yahoo.com) Message-ID: <20000403012205.23613.qmail@web4204.mail.yahoo.com> Received: from [165.21.214.179] by web4204.mail.yahoo.com; Sun, 02 Apr 2000 18:22:05 PDT Date: Sun, 2 Apr 2000 18:22:05 -0700 (PDT) From: Benedict Hadiono Subject: Re: 3.3-RELEASE --- procfs hole To: "Joseph McLeod " Cc: freebsd-questions@FreeBSD.ORG MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Joseph, I wonder if 3.4-STABLE has fixed the problem. Rgds, Benny --- "Joseph McLeod " wrote: > > > On Sun, 2 Apr 2000, Benedict Hadiono wrote: > > > Joseph, > > > > Thank you for your information on this error. > > Can you please elaborate what does this problem > can > > practically cause some damage/risks. > > Well, someone gave me an account on there freebsd > 3.3-RELEASE box to test > there security. While search packetstorm for > freebsd exploits, i found a > procfs bug, similar to a procfs bug that was in fbsd > 2.1.x or at least i > believe so. I was able to root the box with a > little modification of the > code and a simple command after that. For it to > work (since its only a > local exploit), it would have to be a user of yours > thats on the box, or > you would have to have another remotely exploitable > piece of software tha > the attacker could use to get a shell, then he could > use the local exploit > to gain root access. > > Here is a link with alot more information: > > http://packetstorm.securify.com/0001-exploits/procfs4.htm > > > For us to upgrade to 3.4-Stable is not an easy job > > since we have the system already in the > > production/operation. > > > > Thanks again and look forward to your further > info. > > > > rgds, > > Benny > > > > --- "Joseph McLeod " > > wrote: > > > hey, I noticed you said you were running fbsd > > > 3.3-RELEASE, you may already > > > know this, but there is a procfs hole in the > > > version. Its a local > > > exploit, but all the same, i figured you might > wanna > > > know. I guess you > > > could either umount /proc or upgrade to > 3.4-STABLE, > > > which doesn't seem to > > > be affected (or at least not with the same > exploit > > > code). > > > > > > > > > > > > > __________________________________________________ > > Do You Yahoo!? > > Talk to your friends online with Yahoo! Messenger. > > http://im.yahoo.com > > > > __________________________________________________ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message