Bugtraq mailing list archives
ff.core exploit on Solaris (2.)7
From: dfrasnel () CSEE WVU EDU (Daniel J. Frasnelli)
Date: Fri, 8 Jan 1999 12:43:20 -0500
Greetings,
Confirmed ff.core exploit does exist in Solaris 7, server
edition. System is straight installation, no patches of any category
available for 7 from Sunsolve yet.
Daniel
(12:32,99-01-08)
(dfrasnel@rogue)[~]> uname -spr
SunOS 5.7 sparc
(12:34,99-01-08)
(dfrasnel@rogue)[~]> ./test
Testing if exploit is possible...
Test successful. Proceeding...
Backing up clobbered files to /tmp/.bk
Doing sploit...
Done with sploit. Testing and trying to clean up now...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.
w00p! Should have a suid root sh in /tmp/bob
btw, its rksh because solaris is silly
Let me try to clean up my mess...
everything should be cool.. i think :>
# ls -la /tmp/bob
-rwsr-xr-x 1 root root 192764 Jan 8 12:32 /tmp/bob
# id
(snip) euid=0(root)
Current thread:
- setuid vs. setgid (was Re: Anonymous Qmail Denial of Service), (continued)
- setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Ian R. Justman (Jan 06)
- Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Darren Reed (Jan 08)
- Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Nick Maclaren (Jan 08)
- Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Mark Crosbie (Jan 09)
- Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Pete Kruckenberg (Jan 09)
- Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Thamer Al-Herbish (Jan 09)
- Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Len Budney (Jan 08)
- Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Thamer Al-Herbish (Jan 08)
- Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Kragen Sitaker (Jan 09)
- Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Darren Reed (Jan 08)
- setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Ian R. Justman (Jan 06)
- ff.core exploit on Solaris (2.)7 Daniel J. Frasnelli (Jan 08)
- Re: ff.core exploit on Solaris (2.)7 Casper Dik (Jan 15)
- L0pht tmp tool and (mini) Advisory Dr. Mudge (Jan 08)
- Re: Anonymous Qmail Denial of Service Wietse Venema (Jan 10)
- Keeping Solaris up-to-date John RIddoch (Jan 11)
- Keeping any up-to-date? Randolf-Heiko Skerka (Jan 13)
- Re: Keeping any up-to-date? Ciaran Deignan (Jan 15)
- Re: Keeping any up-to-date? Peter May (Jan 15)