From owner-freebsd-stable@FreeBSD.ORG Fri Jul 1 14:50:55 2005 Return-Path: X-Original-To: stable@freebsd.org Delivered-To: freebsd-stable@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8325516A41C for ; Fri, 1 Jul 2005 14:50:55 +0000 (GMT) (envelope-from eksffa@freebsdbrasil.com.br) Received: from capeta.freebsdbrasil.com.br (vrrp.freebsdbrasil.com.br [200.210.70.30]) by mx1.FreeBSD.org (Postfix) with SMTP id A379B43D48 for ; Fri, 1 Jul 2005 14:50:53 +0000 (GMT) (envelope-from eksffa@freebsdbrasil.com.br) Received: (qmail 87456 invoked by uid 0); 1 Jul 2005 11:50:53 -0300 Received: from eksffa@freebsdbrasil.com.br by capeta.freebsdbrasil.com.br by uid 82 with qmail-scanner-1.22 (uvscan: v4.3.20/v4525. spamassassin: 2.64. Clear:RC:1(201.17.165.147):. Processed in 0.782156 secs); 01 Jul 2005 14:50:53 -0000 Received: from unknown (HELO ?10.69.69.69?) (201.17.165.147) by capeta.freebsdbrasil.com.br with SMTP; 1 Jul 2005 11:50:52 -0300 Message-ID: <42C55848.2060404@freebsdbrasil.com.br> Date: Fri, 01 Jul 2005 11:50:48 -0300 From: Patrick Tracanelli Organization: FreeBSD Brasil LTDA User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.7) Gecko/20050420 X-Accept-Language: en-us, en MIME-Version: 1.0 To: "Argelo, Jorn" References: <42C54F34.3070003@epson-europe.com> In-Reply-To: <42C54F34.3070003@epson-europe.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: stable@freebsd.org Subject: Re: Possible exploit in 5.4-STABLE X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Jul 2005 14:50:55 -0000 [skip] > to attach the binary, but I'll do it anyway because I don't have > anything else but that and a readme file. It didn't seem to work (out of > the box) with 5.4-RELEASE though. > > This is a translation from babelfish: > > Plain replacement of "standard" su for FreeBSD. It makes it possible to > become any user (inc. root) with the introduction of any password. For > this necessary to neglect su with the option "-!". with the use of this > option does not conduct ravine- files. Was tested on FreeBSD 5.4-STABLE. > > My apologies if I am sending in something completely useless and not > important, but I figured it wouldn't hurt just to make sure. > > Cheers, The attached file needs to be setuid to root, so, someone needed to have increased privileges before, in order to install this prg. In this case a one-line C program w/ root setuid would do the same job. -- Patrick Tracanelli patrick @ freebsdbrasil.com.br "Long live Hanin Elias, Kim Deal!"