From owner-freebsd-security Thu Jul 12 10:29:51 2001 Delivered-To: freebsd-security@freebsd.org Received: from ringworld.nanolink.com (ringworld.nanolink.com [195.24.48.39]) by hub.freebsd.org (Postfix) with SMTP id 2BD1B37B401 for ; Thu, 12 Jul 2001 10:29:47 -0700 (PDT) (envelope-from roam@orbitel.bg) Received: (qmail 1896 invoked by uid 1000); 12 Jul 2001 17:34:06 -0000 Date: Thu, 12 Jul 2001 20:34:06 +0300 From: Peter Pentchev To: alexus Cc: Przemyslaw Frasunek , Gabriel Rocha , security@FreeBSD.ORG Subject: Re: FreeBSD 4.3 local root Message-ID: <20010712203406.A1065@ringworld.oblivion.bg> Mail-Followup-To: alexus , Przemyslaw Frasunek , Gabriel Rocha , security@FreeBSD.ORG References: <20010712120706.B1020@geeksimplex.org> <079e01c10aef$21fd1460$2001a8c0@clitoris> <001f01c10af7$9b42f120$97625c42@alexus> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <001f01c10af7$9b42f120$97625c42@alexus>; from ml@db.nexgen.com on Thu, Jul 12, 2001 at 01:25:11PM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Are you even subscribed to freebsd-security-notifications or freebsd-announce? If yes, then go back and re-read the FreeBSD Security Advisory SA-01:42. G'luck, Peter -- because I didn't think of a good beginning of it. On Thu, Jul 12, 2001 at 01:25:11PM -0400, alexus wrote: > is there any fix for that? > > ----- Original Message ----- > From: "Przemyslaw Frasunek" > To: "Gabriel Rocha" ; > Sent: Thursday, July 12, 2001 12:24 PM > Subject: Re: FreeBSD 4.3 local root > > > > > about how long does the exploit run before giving you a root shell? > > > > Immediately. Shellcode calls /tmp/sh, not /bin/sh, so copy it to /tmp. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message