From owner-freebsd-security  Thu Jul 12 10:33:24 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.epylon.com (sf-gw.epylon.com [63.93.9.98])
	by hub.freebsd.org (Postfix) with ESMTP id 4C86D37B401
	for <security@FreeBSD.ORG>; Thu, 12 Jul 2001 10:33:17 -0700 (PDT)
	(envelope-from jdicioccio@epylon.com)
Received: by goofy.epylon.lan with Internet Mail Service (5.5.2653.19)
	id <3SVWDA92>; Thu, 12 Jul 2001 10:33:16 -0700
Message-ID: <657B20E93E93D4118F9700D0B73CE3EA02FFEFB8@goofy.epylon.lan>
From: Jason DiCioccio <jdicioccio@epylon.com>
To: 'jamie rishaw' <jamie@playboy.com>, alexus <ml@db.nexgen.com>
Cc: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>,
	Gabriel Rocha <grocha@geeksimplex.org>, security@FreeBSD.ORG
Subject: RE: FreeBSD 4.3 local root
Date: Thu, 12 Jul 2001 10:33:15 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Unless you edit the shellcode of course ;)


- -------
Jason DiCioccio
Evil Genius
Unix BOFH

- -----Original Message-----
From: jamie rishaw [mailto:jamie@playboy.com]
Sent: Thursday, July 12, 2001 10:28 AM
To: alexus
Cc: Przemyslaw Frasunek; Gabriel Rocha; security@FreeBSD.ORG
Subject: Re: FreeBSD 4.3 local root


su
cd /tmp
touch sh
chmod 000 sh
chflags schg sh


On Thu, Jul 12, 2001 at 01:25:11PM -0400, alexus wrote:
> is there any fix for that?
> 
> ----- Original Message -----
> From: "Przemyslaw Frasunek" <venglin@freebsd.lublin.pl>
> To: "Gabriel Rocha" <grocha@geeksimplex.org>;
> <security@FreeBSD.ORG> Sent: Thursday, July 12, 2001 12:24 PM
> Subject: Re: FreeBSD 4.3 local root
> 
> 
> > > about how long does the exploit run before giving you a root
> > > shell? 
> >
> > Immediately. Shellcode calls /tmp/sh, not /bin/sh, so copy it to
> > /tmp. 
> >
> > --
> > * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL:
> > PMF9-RIPE * * Inet: przemyslaw@frasunek.com ** PGP:
> > D48684904685DF43EA93AFA13BE170BF * 
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> >
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

- -- 
jamie rishaw <jamie@playboy.com>
sr. wan/unix engineer/ninja // playboy enterprises inc.
opinions stated are mine, and are not necessarily those of the bunny.
dance like it hurts. love like you need money. work when people are
watching.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBO03gNFCmU62pemyaEQJmbgCg8ub+e2jaxU4vuRQuHv27XcDzM9kAni5n
qQblYW5koiYt8F/R8CPPt7Lv
=4pPj
-----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message