Date: Thu, 12 Jul 2001 16:10:54 -0400 From: "alexus" <ml@db.nexgen.com> To: "serkoon" <serkoon@thedarkside.nl>, <security@freebsd.org> Subject: Re: FreeBSD 4.3 local root Message-ID: <003201c10b0e$c1cab6e0$97625c42@alexus> References: <657B20E93E93D4118F9700D0B73CE3EA02FFEFB7@goofy.epylon.lan> <005701c10af9$bd7a7c20$0200000a@kilmarnock>
next in thread | previous in thread | raw e-mail | index | archive | help
not true alexus@opt:~$ sh $ ./vv vvfreebsd. Written by Georgi Guninski shall jump to bfbffe70 child=780 login: done and nothin is happenin ----- Original Message ----- From: "serkoon" <serkoon@thedarkside.nl> To: <security@freebsd.org> Sent: Thursday, July 12, 2001 1:40 PM Subject: Re: FreeBSD 4.3 local root > Somebody said something somewhere: > > > is the binary named 'vv' ? > > > > It has to be. > > The binary doesn't need to be named 'vv', that's bull. > > However.. there are several reports (myself included) > of people not being able to succesfully run the exploit > because of the used shell. Normally I use bash (2.05.?), > but somebody told me he could succesfully exploit > the bug using Midnight Commander, so I tried that. > > It worked for me. So I did a bit thinking and executed > /bin/sh. That was what was needed to run the exploit > successfully. No need to change the exploitcode > or build it as 'vv', just use /bin/sh as shell. > > Regards.. > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003201c10b0e$c1cab6e0$97625c42>