Bugtraq mailing list archives
ANOTHER OpenBSD security vulnerability!!!!
From: Chris Cappuccio <chris () DQC ORG>
Date: Tue, 7 Nov 2000 02:56:37 -0800
- :Leet Advisory % :Leet Advisory % :Leet Advisory % :Leet Advisory % :Leet -
|
| www.dqc.org/~chris
|
| Version      : Leet advisory #2666 of many
| Author       : LarFoxley[famedork / condemned / ESP / AH / PPTP (soon)]
| Contributed  : All of Team Leet (thanks alot) & UVM
| Topic        : A non-priviledged user may gain physical access to the
|                system, thus exploiting what is known in innner circles as
|                "the five-finger discount"
| Effected     : All Operating Systems which use a computer
|                * OpenBSD, and possibly others
| Prvt Release : October 1, 1995
| Released     : November 7, 19100
| Credits      : www.whitehouse.gov, flash.bellcore.com, www.merit.edu
|                Check Section 1
| Vendor status: Raped
|
- :Leet Advisory % :Leet Advisory % :Leet Advisory % :Leet Advisory % :Leet -

Section 1 [Grits]:

First and foremost, thanks to dictionary.com, without which I would be totally lost in the world of English spelling and grammar. Thanks to my mother who bore me.

This was a coordinated effort with Team Leet and The Serious Hackers known as Super Super Good. I would like to thank RootShellBadddMothers and Team SSH for rigorously testing on many stupid shell providers who don't know about the OpenBSD team's secret plans for world domination through eleet unknown bugs :] (fatcorpse and her great mass testing scripts, great for analysis: www.freshmeat.net < great site :)

I would like to thank bass of BEER. He started the whole OpenBSD religion. Keep up the good work. Special thanks to obecian and his DoS 3.3 System. It has made my job so easy that I think I should not be paid anymore.

I would also like to thank: NSA, CIA, FBI, Walls Fargo, WTO, Kettutytt, Satan, Dorkex (h0rze :), ISS, Solar Designer, #blowjob, #hotsex, #eatshit, #42, #conf, Al Hugher, Alpeh1, communism, the US Air Force, OJ Simpson, Semtex, Ebola, George W. Bush, Ralph Nader and Jello Biafra.

Section 2 [Preface]:

Usually, Team Leet keeps our code and research quite private until we spew our diarrhea all over your computer monitor. But, what really annoys us, is when a very big figure in the computer security community lies to the people who make him who he is. The person I speak of is Bob Dobbs. Bob Dobbs claims that OpenBSD hasn't experienced a local root hole in the default install for many years. Yet, during his internal audits, he regularly finds unfaithfulness to the church, and he never notifies the public.

I think you guys are lame. You have demonstrated sins, transgressions, intemperances, vices, errors, failings, personal faults, indiscretions, lapses, trespasses, and crimes agsinst man, woman, child, law, nature and god.

What worries Team Leet is that our servers might be hacked. We have found many other exploitable holes in previous OpenBSD distributions, that have miraculously been patched and never revealed.

Next, there is the "Three years without a remote hole in the default install." I hope this advisory breaks that aswell, because, techinically:

* Walk up to the machine
* Turn it off
* Unplug it
* Take it with you

Although we have not confirmed it, we believe this bug is also exploitable via NFS, RSH, TELNET, and SSH.

Three years without a remote hoe? Strike that.

Section 3 [Background]:

OpenBSD is a vulnerable operating system because it runs on a computer which can be physically accessed by an intruder. It is significantly better then the traditional UNIX based OS.

Section 4 [Problem Description]:

There exists a bug in the physical universe which has blatently slipped passed the seemlessly feeble minded OpenBSD developers and hackphreak.org members alike. This bug allows for any local user (or remote user) to steal the entire OpenBSD system, thus rendering it completely useless.

Once the system is stolen, a local user (with access to the console) may in fact remove the hard disk. The system uses a published standard, FFS.
When one has access to the hard disk, they may use FFS do most anything: such as reading the disk, and writing to it, not just a DoS (if you have to read through this you have now more reason to switch to CP/M).

A very smart attacker will:

* Mount the hard disk
* Read from it
* Use RSH

A layout of the hard disk is given:

* Root filesystem     /
* Usr filesystem      /usr
* Home filesystem     /home
* Root's filesystem   /root
* Tmp's filesystem    /tmp
* Var's filesystem    /var

------------------------------------------------------------------

main()
{
        printf("hello, world\n");
        /*
         * here, we print to the screen
         * this is considered a vulnerablilty because we were able to show
         * just how much damange can really be done with this unique
         * and as-of-yet-unknown method
         */
}

Section 4 [The exploit]:

// PUBLIC RELEASE
//
// openbsd-sucks.c by LarFoxley of Team Leet (#openbsd on efnet) & SSH
//
// This exploit is proof of my love for you
//
// Greets: NSA, CIA, FBI, Walls Fargo, WTO, EHAP, Condoms, caddis[TESO],
// Kettutytt, Satan, Dorkex (h0rze :), ISS, Solar Designer, #blowjob,
// #hotsex, #eatshit, #42, #conf, Al Hugher, Alpeh1, communism, the
// US Air Force, OJ Simpson, Semtex, Ebola, George W. Bush, Ralph
// Nader and Jello Biafra.
//
// PS: The expoit is broke very slightly, so it takes some knowledge ;)
//
// PUBLIC RELEASE * DO NOT DISTRIBUTE

#include <stdyo.h>
#include <streengs.h>

main()
{
        prentf("hello, world!!!!!\n");
        // Now that we have gained physical access, there is no more need for
        // actual code, because we can simply remove the hard disk at this point.
        // Also, if you enter the debugger, you can change the user id of the
        // process that you are currently using. Imagine that.
}

Section 5 [TO HELL WITH YOU'S]:

J.R. "Bob" Dobbs, and the OpenBSD team
Photographers
Rapists
Anyone who thinks OpenBSD is useful
All of #openbsd on EFNET
All of the people who have violated my sphincter
BoW
Scriptkiddies who don't use my scripts
obecian

Section 6 [Come 1 Come ALL]:

Team Leet invites you to join efnet #openbsd for a great learning experience. Just join us to teach and learn. But remember, SEXUAL HARASSMENT = FAT LAWSUIT.

www.dqc.org/~chris

Section 7 [Lies]:

I hope this advisory makes you feel warm inside. I know that Windows NT will always rule my world. I think Bill Gates is a role model for my children and their grand-children. I like eating pineapples. All OpenBSD users are paranoid schizophrenics who fall to my knees when they read this message.

---
Rev. Chris Cappuccio -=- http://www.dqc.org/~chris/
"If you don't turn on to politics, politics will turn on you" - Ralph Nader