Date: Thu, 12 Jul 2001 20:34:06 +0300 From: Peter Pentchev <roam@orbitel.bg> To: alexus <ml@db.nexgen.com> Cc: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>, Gabriel Rocha <grocha@geeksimplex.org>, security@FreeBSD.ORG Subject: Re: FreeBSD 4.3 local root Message-ID: <20010712203406.A1065@ringworld.oblivion.bg> In-Reply-To: <001f01c10af7$9b42f120$97625c42@alexus>; from ml@db.nexgen.com on Thu, Jul 12, 2001 at 01:25:11PM -0400 References: <20010712120706.B1020@geeksimplex.org> <079e01c10aef$21fd1460$2001a8c0@clitoris> <001f01c10af7$9b42f120$97625c42@alexus>
next in thread | previous in thread | raw e-mail | index | archive | help
Are you even subscribed to freebsd-security-notifications or freebsd-announce? If yes, then go back and re-read the FreeBSD Security Advisory SA-01:42. G'luck, Peter -- because I didn't think of a good beginning of it. On Thu, Jul 12, 2001 at 01:25:11PM -0400, alexus wrote: > is there any fix for that? > > ----- Original Message ----- > From: "Przemyslaw Frasunek" <venglin@freebsd.lublin.pl> > To: "Gabriel Rocha" <grocha@geeksimplex.org>; <security@FreeBSD.ORG> > Sent: Thursday, July 12, 2001 12:24 PM > Subject: Re: FreeBSD 4.3 local root > > > > > about how long does the exploit run before giving you a root shell? > > > > Immediately. Shellcode calls /tmp/sh, not /bin/sh, so copy it to /tmp. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010712203406.A1065>