Re: FreeBSD 4.3 local root

From: alexus (ml@db.nexgen.com)
Date: 07/12/01

Next message: Ben Smithurst: "Re: FreeBSD 4.3 local root PREVENTIONS"
Previous message: alexus: "Re: FreeBSD 4.3 local root PREVENTIONS"
In reply to: Mike Tancsa: "Re: FreeBSD 4.3 local root"
Next in thread: Kris Kennaway: "Re: FreeBSD 4.3 local root"
Reply: Kris Kennaway: "Re: FreeBSD 4.3 local root"
Reply:(deleted message) jamie rishaw: "Re: FreeBSD 4.3 local root"
Reply: www.slashx.net: "Re: FreeBSD 4.3 local root"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "alexus" <ml@db.nexgen.com>
To: "Gabriel Rocha" <grocha@geeksimplex.org>, "Mike Tancsa" <mike@sentex.net>
Date: Thu, 12 Jul 2001 16:06:12 -0400

doesn't work for me on 4.2R

----- Original Message -----
From: "Mike Tancsa" <mike@sentex.net>
To: "Gabriel Rocha" <grocha@geeksimplex.org>
Cc: <security@freebsd.org>
Sent: Thursday, July 12, 2001 1:28 PM
Subject: Re: FreeBSD 4.3 local root

>
> Is the program called vv or a.out ?
>
> As a non priv user, try this
>
> cp /bin/sh /tmp/sh
> gcc exploitcode.c -o vv
> ./vv
>
>
> ---Mike
>
>
> At 01:29 PM 7/12/01 -0400, Gabriel Rocha wrote:
> >couple of points:
> > 1-It does not work for me;
> >
> > FreeBSD lorax.neutraldomain.org 4.3-RELEASE FreeBSD
> > 4.3-RELEASE #0: Sat Jun 23 01:52:58 PDT 2001
> > root@lorax.neutraldomain.org:/usr/src/sys/compile/lorax
> > i386
> >
> > 2-At first I tried it with /tmp mounted no-exec (thats what i
> > have in fstab) I thought that was why the exploit didnt work,
> > remounted /tmp without the no-exec flag and tried again. It
> > still does not work, it hangs for hours on end, this last
> > iteration has been running for a couple days now and nothing has
> > come of it.
> >
> >Ideas on why it doesnt work? --gabe
> >
> >
> >,----[ On Thu, Jul 12, at 01:25PM, alexus wrote: ]--------------
> >| is there any fix for that?
> >|
> >| > > about how long does the exploit run before giving you a root shell?
> >| >
> >| > Immediately. Shellcode calls /tmp/sh, not /bin/sh, so copy it to
/tmp.
> >`----[ End Quote ]---------------------------
> >
> >--
> >
> >"It's not brave if you're not scared."
> >
> >To Unsubscribe: send mail to majordomo@FreeBSD.org
> >with "unsubscribe freebsd-security" in the body of the message
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Next message: Ben Smithurst: "Re: FreeBSD 4.3 local root PREVENTIONS"
Previous message: alexus: "Re: FreeBSD 4.3 local root PREVENTIONS"
In reply to: Mike Tancsa: "Re: FreeBSD 4.3 local root"
Next in thread: Kris Kennaway: "Re: FreeBSD 4.3 local root"
Reply: Kris Kennaway: "Re: FreeBSD 4.3 local root"
Reply:(deleted message) jamie rishaw: "Re: FreeBSD 4.3 local root"
Reply: www.slashx.net: "Re: FreeBSD 4.3 local root"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: FreeBSD 4.3 local root
... > is there any fix for that? ... > Subject: Re: FreeBSD 4.3 local root ...
(FreeBSD-Security)
RE: FreeBSD 4.3 local root
... Subject: FreeBSD 4.3 local root ... with "unsubscribe freebsd-security" in the body of the message ...
(FreeBSD-Security)
Re: FreeBSD 4.3 local root
... and nothin is happenin ... Subject: FreeBSD 4.3 local root ... > or build it as 'vv', just use /bin/sh as shell. ...
(FreeBSD-Security)
Re: Updating Sendmail
... > I've got a few systems which need to be updated to patch the Sendmail ... > local root exploit. ... Does FreeBSD have 8.11.6 as a package in the ports ...
(FreeBSD-Security)
Re: FreeBSD 4.3 local root
... Subject: FreeBSD 4.3 local root ...
(FreeBSD-Security)