Full Disclosure mailing list archives
Re: Symlink vulnerabilities
From: bugs () fbi dhs org
Date: Thu, 27 Oct 2011 10:39:46 -0400 (EDT)
Hi,
Also, i mean an up to date, 2011 kernel here, not some shitty old
root@b0rk:/root# uname -a Linux b0rk 2.6.24-29-generic #1 SMP Wed Aug 10 16:34:32 UTC 2011 i686 GNU/Linux
crapbox... i don't care for hardware but, if you're shooting from root like vladz's examples, and, look, I have discussed this exploit with kcope, who also thinks the same thing, and also played a little with it, and, that's about 5 people now i know who have all played with this exact speak of fd. nwm,, for one thing, you have been biased, in showing only one side this so-called code... as i am as much trustworthy as anyone if they have to prove a point, i have my own labs, and don't rely on sharing my info, and, simply don't have this working on 2011 kernels... yet, i have other ones working on it, and, i have a few mods up my sleeve i have not tried yet on this, but, it was stopping me before i would even reach that area, so, i'm now interested on how this is winnable, and, why you trust only one side with code, yet don't simply show us both. that's a bit harsh, i find that actually rude but, whatever dude. I still think it's crap anyhow, so, enjoy your 60% chance sploit on, what's not going to be a recent 2011 kernel :) right.
It's not the value of the exploit that matters to me at all (not going to find much using bzexe these days with 1tb disks running around) it's the thrill of the hunt. I wanted to see if it could be done.
anyhow, now, i'm agitated, and sleepy. you have really shown how whitehats can be true arseholes :) anyhow gnite.
I'm not trying to be an ass, just trying to see if exploiting this would indeed work. At first I didn't think it was possible but spoke with vladz offline more about it. I respect the people on this list very much and wouldn't intentionally insult anyone.
On 28 October 2011 01:20, <bugs () fbi dhs org> wrote:
Hi, I've gotten this exploit to work, albeit on a slow 500mhz system with 256mb of ram. I've shared the details with vladz and will make them available soon. It's a hard race to win, but it can be won about 60% of the time.
On Fri, 28 Oct 2011 00:56:35 +1100, xD 0x41 said:
morning but, i trust you, it cannot be exploited, in any way, it will only cause corruption of tar and compression utils, at most.
Umm. Maybe in *that step* it's "at most". But what can you leverage that into? If you can screw with the code execution of the tar command enough to get root to untar a file of your choosing, you then have your entire rootkit installed with no further effort on your part. ;) (For a wonderful read on leveraging, find the tech writeup from a few years ago on how a 1-byte overlay in ntpd got leveraged into a total root pwn.)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/