Full Disclosure mailing list archives
Re: GNU gcc vuln. < 3.4.3 local root (.php)
From: Andrew Farmer <andfarm () teknovis com>
Date: Mon, 17 Jan 2005 01:39:55 -0800
On 17 Jan 2005, at 00:30, ZzagorR ZzagorR wrote:
#!/usr/bin/php -a <? /* GNU gcc vuln. < 3.4.3 By ZzagorR (MARMARA UNIVERSITY) zzagorrzzagorr () hotmail com http://www.rootbinbash.com thanks to [NST] ah vizeler ahhhhh */
<snip> Ha ha ha. Old "vulnerability". Equivalent to:
/* fake_vuln.c */ int getuid(void) { return 0; } int geteuid(void) { return 0; } int getgid(void) { return 0; }sh % gcc -shared fake_vuln.c -o fake_vuln.so sh % LD_PRELOAD=`pwd`/fake_vuln.so /bin/sh sh # id uid=0(root) gid=0(root) <etc etc etc> sh # cat /etc/shadow cat: /etc/shadow: Permission denied
The sad part is that rootbinbash.com has posted this as a real vulnerability.
Attachment:
PGP.sig
Description: This is a digitally signed message part
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- GNU gcc vuln. < 3.4.3 local root (.php) ZzagorR ZzagorR (Jan 17)
- Re: GNU gcc vuln. < 3.4.3 local root (.php) Andrew Farmer (Jan 17)
- Re: GNU gcc vuln. < 3.4.3 local root (.php) Christian (Jan 18)
- <Possible follow-ups>
- Re: GNU gcc vuln. < 3.4.3 local root (.php) ZzagorR ZzagorR (Jan 17)
- Re: GNU gcc vuln. < 3.4.3 local root (.php) Andrew Farmer (Jan 17)