Date:      Thu, 19 Oct 2000 10:36:45 -0700 (PDT)
From:      Dima Dorfman <dima@unixfreak.org>
To:        Michael Urban <murban@tznet.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: su root exploit?
Message-ID:  <20001019173646.153E71F35@static.unixfreak.org>
In-Reply-To: <20001019103754.A667@tznet.com> "from Michael Urban at Oct 19, 2000 10:37:54 am"

> Does this particular root exploit affect su on FreeBSD? The article
> says it affects all versions of su. I built and tried to use the code
> they included on my system, but I couldn't get anything to happen.

DISCLAIMER:  I'm not a security expert.  I just spent five minutes
looking at the exploit, and below are my conclusions.  Don't take this
as an official statement.

- I think the "all versions of su" at the top refers to Linux versions
of su.  Considering that they expect it to be in /bin, they certainly
haven't tried it on any of the BSDs.

- Although the actual code to be executed is in the environment, the
format string bug appears to be in the handling of the "-u" flag to
su.  I can't find a reference to it in the manual pages.

Conclusion (again, not official):  This particular exploit probably
can't be used against FreeBSD.  That's not to say that a similar
problem doesn't exist which will allow this exploit to work with
slight modifications.

Hope this helps

-- 
Dima Dorfman <dima@unixfreak.org>
Finger dima@unixfreak.org for my public PGP key.

If two wrongs don't make a right, try three!

