From owner-freebsd-security Thu Jul 12 10:25:17 2001 Delivered-To: freebsd-security@freebsd.org Received: from db.nexgen.com (db.nexgen.com [66.92.98.149]) by hub.freebsd.org (Postfix) with SMTP id 1F49037B403 for ; Thu, 12 Jul 2001 10:25:14 -0700 (PDT) (envelope-from ml@db.nexgen.com) Received: (qmail 86239 invoked from network); 12 Jul 2001 17:25:15 -0000 Received: from localhost.nexgen.com (HELO alexus) (root@127.0.0.1) by localhost.nexgen.com with SMTP; 12 Jul 2001 17:25:15 -0000 Message-ID: <001f01c10af7$9b42f120$97625c42@alexus> From: "alexus" To: "Przemyslaw Frasunek" , "Gabriel Rocha" , References: <20010712120706.B1020@geeksimplex.org> <079e01c10aef$21fd1460$2001a8c0@clitoris> Subject: Re: FreeBSD 4.3 local root Date: Thu, 12 Jul 2001 13:25:11 -0400 Organization: NexGen MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2499.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2499.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org is there any fix for that? ----- Original Message ----- From: "Przemyslaw Frasunek" To: "Gabriel Rocha" ; Sent: Thursday, July 12, 2001 12:24 PM Subject: Re: FreeBSD 4.3 local root > > about how long does the exploit run before giving you a root shell? > > Immediately. Shellcode calls /tmp/sh, not /bin/sh, so copy it to /tmp. > > -- > * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE * > * Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF * > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message