Date: Thu, 12 Nov 2009 08:45:16 +0100 (CET)
From: Damian Weber <dweber@htw-saarland.de>
To: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Cc: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>, Oliver Pinter <oliver.pntr@gmail.com>, wkoszek@freebsd.org, freebsd-security@freebsd.org
Subject: Re: 2009-07-20 FreeBSD 7.2 (pecoff executable) Local Denial of Service Exploit 23 R D Shaun Colley
Message-ID: <alpine.BSF.2.00.0911120840440.67536@magritte.htw-saarland.de>
In-Reply-To: <IkFmzsHv3PpqvmBLOW9PsGc1Y%2Bk@8WwhI1BLREGYCErwiufUu0sfwBM>
References: <6101e8c40907201008n62eeec05r6670a79698bc2ac7@mail.gmail.com> <20091111173311.T37440@maildrop.int.zabbadoz.net> <alpine.BSF.2.00.0911111909340.60404@magritte.htw-saarland.de> <IkFmzsHv3PpqvmBLOW9PsGc1Y%2Bk@8WwhI1BLREGYCErwiufUu0sfwBM>
On Wed, 11 Nov 2009, Eygene Ryabinkin wrote:

> Date: Wed, 11 Nov 2009 22:37:44 +0300
> From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
> To: Damian Weber <dweber@htw-saarland.de>
> Cc: Bjoern A. Zeeb <bzeeb-lists@lists.zabbadoz.net>,
>     freebsd-security@freebsd.org, wkoszek@freebsd.org,
>     Oliver Pinter <oliver.pntr@gmail.com>
> Subject: Re: 2009-07-20 FreeBSD 7.2 (pecoff executable) Local Denial of
>     Service Exploit 23 R D Shaun Colley
>
> Wed, Nov 11, 2009 at 07:14:48PM +0100, Damian Weber wrote:
> > FWIW, I got another result on 6.4-STABLE
> >
> > FreeBSD mymachine.local 6.4-STABLE FreeBSD 6.4-STABLE #6: Sat Oct 3 13:06:12 CEST 2009 root@hypercrypt.local:/usr/obj/usr/src/sys/MYMACHINE i386
> >
> > $ ./pecoff
> > MZaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa????aaaa
> > [I'm truncating here, ~3500 a's follow]aaaaa: File name too long
>
> You have no pecoff module loaded or compiled into the kernel, do you?
> Your "File name too long" is spat out by the shell, so it was not
> handled by the PE loader at all.

Confirmed. The code crashes the 6.4-STABLE machine when the pecoff module is loaded.

Wojciech A. Koszek wrote:
> I think the best way would be to remove PECOFF from 6.x and 7.x.

Now, I'm inclined to think that, too ;-)

--
Damian
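The "File name too long" line Eygene points at is the shell printing the ENAMETOOLONG that execve(2) returned during path lookup, which happens before any image activator (the pecoff loader included) ever looks at the file. This added C probe, not code from the thread or from the exploit, makes that distinction observable: it tries to exec a single path component of a chosen length and reports which errno the kernel returned. It assumes the per-component limit is NAME_MAX (255 on FreeBSD and Linux) and that no file of that name exists in the current directory.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifndef NAME_MAX
#define NAME_MAX 255            /* fallback for strict-ANSI builds */
#endif

/*
 * Try to execve(2) a relative path made of one component of `len` bytes
 * (a run of 'a's, like the truncated output above) and return the errno
 * the kernel hands back. The file never exists, so execve always fails
 * and returns; the error tells us how far the kernel got:
 *   ENAMETOOLONG: path lookup rejected the component (> NAME_MAX) before
 *                 any image activator, pecoff included, was consulted;
 *   ENOENT:       lookup ran to completion and simply found no file.
 */
int exec_errno_for_name_length(size_t len)
{
    static char name[8192];     /* constructed buffer, larger than PATH_MAX */

    if (len == 0 || len >= sizeof(name))
        return EINVAL;
    memset(name, 'a', len);
    name[len] = '\0';

    char *argv[] = { name, NULL };
    char *envp[] = { NULL };
    (void)execve(name, argv, envp);   /* only returns on failure */
    return errno;
}

int main(void)
{
    /* ~3500 bytes, roughly what the thread's output shows, vs. a short name */
    size_t lens[] = { 3500, 200 };
    for (size_t i = 0; i < 2; i++) {
        int e = exec_errno_for_name_length(lens[i]);
        printf("name of %4zu bytes (NAME_MAX=%d): execve -> %s\n",
               lens[i], NAME_MAX, strerror(e));
    }
    return 0;
}
```

A test run that reports ENAMETOOLONG therefore says nothing about the loader; only a name the VFS accepts, on a kernel where kldstat shows pecoff loaded, actually exercises the PE code path.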
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.0911120840440.67536>