From owner-freebsd-security Thu Jul 12 10:42:32 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.epylon.com (sf-gw.epylon.com [63.93.9.98]) by hub.freebsd.org (Postfix) with ESMTP id 42CB737B405 for ; Thu, 12 Jul 2001 10:42:28 -0700 (PDT) (envelope-from jdicioccio@epylon.com)
Received: by goofy.epylon.lan with Internet Mail Service (5.5.2653.19) id <3SVWDA0V>; Thu, 12 Jul 2001 10:42:27 -0700
Message-ID: <657B20E93E93D4118F9700D0B73CE3EA02FFEFBA@goofy.epylon.lan>
From: Jason DiCioccio
To: 'serkoon' , security@freebsd.org
Subject: RE: FreeBSD 4.3 local root
Date: Thu, 12 Jul 2001 10:42:20 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hmm.. I used /bin/sh in both cases and for some reason a.out did not
work as a binary name for me. I have seen other reports of this too..
But I guess judging by the code that doesn't really make much sense..
;).. Ah well, I still know I'm not the only one who had that problem :)

-------
Jason DiCioccio
Evil Genius
Unix BOFH

-----Original Message-----
From: serkoon [mailto:serkoon@thedarkside.nl]
Sent: Thursday, July 12, 2001 10:40 AM
To: security@freebsd.org
Subject: Re: FreeBSD 4.3 local root

Somebody said something somewhere:
> is the binary named 'vv' ?
>
> It has to be.

The binary doesn't need to be named 'vv', that's bull.

However.. there are several reports (myself included) of people not
being able to successfully run the exploit because of the used shell.

Normally I use bash (2.05.?), but somebody told me he could successfully
exploit the bug using Midnight Commander, so I tried that. It worked for
me. So I did a bit of thinking and executed /bin/sh. That was what was
needed to run the exploit successfully.

No need to change the exploit code or build it as 'vv', just use /bin/sh
as shell.

Regards..

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message