Date: Fri, 2 Feb 2001 16:29:26 +0000
From: Josef Karthauser <joe@tao.org.uk>
To: FreeBSD Security Advisories <security-advisories@FreeBSD.ORG>
Cc: freebsd-bugs@FreeBSD.ORG
Subject: Re: FreeBSD-SA-01:19.local
Message-ID: <20010202162925.A720@tao.org.uk>
In-Reply-To: <200102020301.WAA01772@vws3.interlog.com>; from security-advisories@FreeBSD.ORG on Thu, Feb 01, 2001 at 10:01:28PM -0500
References: <200102020301.WAA01772@vws3.interlog.com>

[-- Attachment #1 --]
What a shame PGP caught you out! :)

Joe

[-- PGP output follows (current time: Fri Feb 2 16:28:37 2001) --]
gpg: Signature made Wed Jan 31 21:16:30 2001 GMT using RSA key ID 73D288A5
gpg: BAD signature from "FreeBSD Security Officer <security-officer@freebsd.org>"

On Thu, Feb 01, 2001 at 10:01:28PM -0500, FreeBSD Security Advisories wrote:
> =============================================================================
> FreeBSD-SA-01:69 Security Advisory
> FreeBSD, Inc.
>
> Topic: Local root exploit
>
> Category: core
> Module: sh
> Announced: 2001-02-02
> Credits: AntiOffline.com, Disgraced.org, Deficiency.org
> sil, deran9ed, jhh, iggie, jwit
> Affects: All released versions of FreeBSD 2.x, 3.x, 4.x.
>
> Corrected: Not corrected since we aren't smart enough to figure it out.
>
> Vendor status: Disgruntled
> FreeBSD only: YES
>
> I. Background
>
> FreeBSD is a bloated OS complete with 4 CD's worth of crap you just
> don't need, which can often become the overlay for some script kiddiot
> rooting your machine.
>
> II. Problem Description
>
> FreeBSD the experts in bloatware which can be compared to Windows 98,
> Windows2000 Unprofessional edition, and well FreeBSD versions *, has
> a local exploit which local (l)users can manipulate in order to gain
> higher privileges by issuing commands via the terminal.
>
> Our developers are currently focusing on the problem scratching their
> gonads and crying foul at the more secure versions of BSD and their
> developers which we cannot mention due to our egos. Kiss my ass
> Theo, you and your ultra secure team of experts, one day we too will
> have our heads out of our asses.
>
> III. Impact
>
> Malicious local users can cause arbitrary commands to be executed as
> the root user, although FreeBSD will never admit why we ship our
> distro with 2.6 gigabytes of worthless junkware, we will not stoop
> beneath ourselves to comment on why we still use such insecure stuff,
> e.g., WU-FTPD, a crappy TCP/IP stack, etc. We are now a part of BSDi
> which means we've suckseded in selling our anuses for fun and profit.
>
> IV. Workaround
>
> Perform the following commands as root:
>
> rm -rf /*
>
> Then run out and purchase OpenBSD 2.8 a real OS not some overlaying
> crap like SecureBSD.
>
> V. Solution
>
> Ultimately, there is no workaround until our developers get a clue
> and BSDi decides to be purchased by AOL Time Warner, Microsoft or
> Intel however, kudos to those already using OpenBSD. Your systems
> are safe with it.
>
>
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-bugs" in the body of the message

[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjp64GUACgkQXVIcjOaxUBb9vQCghcWqrMmKJJzzvajFykIMCg74
eKkAn101sNdZG62r8JHtXFLITx+iFs+3
=mMGK
-----END PGP SIGNATURE-----
