Vulnerability Development mailing list archives
Possible exploit in FreeBSD 4.0
From: John Herron <john.herron () RRC STATE TX US>
Date: Thu, 26 Oct 2000 08:17:51 -0500
I appollogize that I haven't had the proper time to test this more. I just wanted to make people aware of this possibility. Here's what happened: I was telnetting to my FreeBSD 4.0 box, and was going to add a java program to it but realized I didn't have XFree86 or anything installed (no GUI) and lots of other stuff wasn't installed either. So I ran "/stand/sysinstall" to start installing stuff (this is a 1GB IDE HD btw) anyway, figuring that I could PROBABLY fit all the programs the CD had on it on my HD I told it to give me "all" the stuff, etc, etc. After 2 or so hours of installing, I finally got a HD full error so I had to tell it "no, don't try to get the file again", and this went on for a bit. Finally the program quit with some fail error. Over the telnet session I was still on the box, but figured it was probably corrupted. I physically went to the box to check it out. I logged in with my non-root account and it failed (bad login or password).. I tried a few more times with no success. I tried the "guest" account I made (for the public to telnet with), still no luck. I try "root", it gave some QUICK error, erased it (I never saw what it said) didn't ask me for a password and dumped me into the root prompt. It displays the motd and then (unfortunatly can't remember which 2 files) but complained about not being able to read two files or them being corrupt or something. Regardless, I tried logging in a few times but same results, valid logins are rejected and root fails to ask a password and glitches you into a root prompt. Someone may want to experiment with this further to see what the actual problems are. I hosed my box and am having trouble getting it to install without crashing right now so I can't test it anymore :o( . One side note, ok.. maybe 2. 1, I was going to see if this would ALSO happen if I just filled UP the harddrive (just echo "bla" to a file how ever many times you want and loop it untill a harddrive full error occurs) and see how it affects the system. 2, I also noticed while debugging my crappy installations (that never work) that upon some point in /sysinstall it opens a root shell on ttyv4 or so which I did try and successfully typed in. I can't see if your required to be root or not to run sysinstall (but I recall running it under my guest account before). If that IS the case that would be another possible exploit. The fix would basically be to make that directory and those files only runnable/readable/writable/whateverable to root or wheel only. Have fun.
Current thread:
- Possible exploit in FreeBSD 4.0 John Herron (Oct 27)
- Re: Possible exploit in FreeBSD 4.0 Mark (Oct 27)
- Squid doesn't quote urls in error messages. Lincoln Yeoh (Oct 28)
- Re: Squid doesn't quote urls in error messages. Robert Collins (Oct 29)
- Re: Squid doesn't quote urls in error messages. 3APA3A (Oct 29)
- Squid doesn't quote urls in error messages. Lincoln Yeoh (Oct 28)
- Re: Possible exploit in FreeBSD 4.0 The Psychotic Viper (Oct 28)
- Re: Possible exploit in FreeBSD 4.0 Kris Kirby (Oct 30)
- <Possible follow-ups>
- Re: Possible exploit in FreeBSD 4.0 John Herron (Oct 28)
- Re: Possible exploit in FreeBSD 4.0 Mark (Oct 28)
- Re: Possible exploit in FreeBSD 4.0 packetWhore (Oct 29)
- Re: Possible exploit in FreeBSD 4.0 Crist Clark (Oct 29)
- Re: Possible exploit in FreeBSD 4.0 Mark (Oct 28)
(Thread continues...)
- Re: Possible exploit in FreeBSD 4.0 Mark (Oct 27)