Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: question on escalating privileges via suid vulnerabilities

From: "John McGuire" <jmcguire81 () gmail com>
Date: Sun, 25 Feb 2007 10:18:43 -0700
Thanks, adding setuid() cleared up the issue.

John

On 2/25/07, Michal Zalewski <lcamtuf () dione ids pl> wrote:

On Sat, 24 Feb 2007, John McGuire wrote:

>        arr[1] = NULL;
         setuid(0);
>        execve (arr[0], arr, NULL);

Just add this line there. You are in all likelihood bumping into a
"protection"  built into /bin/sh to make attacks marginally more
difficult.

/mz




------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: