Full Disclosure mailing list archives
Re: ** FreeBSD local r00t zeroday
From: Oliver Pinter <oliver.pinter () gmail com>
Date: Tue, 1 Dec 2009 11:12:04 +0100
On Tuesday 01 December 2009 06.45.38 bk wrote:
On Nov 30, 2009, at 9:25 PM, David Berard wrote:7.0 not vuln.7.0 vulnerable here, $ ./env /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for ALEX-ALEX # uname -r 7.0-RELEASE-p3Here as well: bin/Kingcope.sh: new file: 35 lines, 772 characters. [chort@demon ~]$ chmod +x bin/Kingcope.sh [chort@demon ~]$ Kingcope.sh bin ktrace.out scratch vent_stalk FreeBSD local r00t zeroday by Kingcope November 2009 env.c: In function 'main': env.c:5: warning: incompatible implicit declaration of built-in function 'malloc' env.c:9: warning: incompatible implicit declaration of built-in function 'strcpy' env.c:11: warning: incompatible implicit declaration of built-in function 'execl' /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for ALEX-ALEX # whoami root # uname -a FreeBSD demon.smtps.net 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008 root () logan cse buffalo edu:/usr/obj/usr/src/sys/GENERIC i386 It's a VM if that matters. -- chort _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
with cpercivals patch: op@oliverp exploit> ./local_root_exploit_env.sh local_root_exploit_env.sh FreeBSD local r00t zeroday by Kingcope November 2009 env.c: In function 'main': env.c:5: warning: incompatible implicit declaration of built-in function 'malloc' env.c:9: warning: incompatible implicit declaration of built-in function 'strcpy' env.c:11: warning: incompatible implicit declaration of built-in function 'execl' /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; aborting -- thanks, Oliver _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: ** FreeBSD local r00t zeroday Oliver Pinter (Dec 01)
- <Possible follow-ups>
- Re: ** FreeBSD local r00t zeroday r00f r00f (Dec 01)
- Re: ** FreeBSD local r00t zeroday Benji (Dec 01)
- Re: ** FreeBSD local r00t zeroday Oliver Pinter (Dec 01)
- Re: ** FreeBSD local r00t zeroday Colin Percival (Dec 01)
- Re: ** FreeBSD local r00t zeroday David Berard (Dec 01)
- Re: ** FreeBSD local r00t zeroday Robert Portvliet (Dec 01)
- Re: ** FreeBSD local r00t zeroday FBI BOT (Dec 01)
- Re: ** FreeBSD local r00t zeroday Dawid Golunski (Dec 01)
- Re: ** FreeBSD local r00t zeroday r00f r00f (Dec 01)
- Re: ** FreeBSD local r00t zeroday Oliver Pinter (Dec 01)
(Thread continues...)