From owner-freebsd-security  Thu Jul 12 13:12:31 2001
Delivered-To: freebsd-security@freebsd.org
Received: from obsecurity.dyndns.org (adsl-63-207-60-73.dsl.lsan03.pacbell.net [63.207.60.73])
	by hub.freebsd.org (Postfix) with ESMTP id A9E6237B405
	for <security@FreeBSD.ORG>; Thu, 12 Jul 2001 13:12:24 -0700 (PDT)
	(envelope-from kris@obsecurity.org)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id 6B89866BA6; Thu, 12 Jul 2001 13:12:22 -0700 (PDT)
Date: Thu, 12 Jul 2001 13:12:21 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: alexus <ml@db.nexgen.com>
Cc: Gabriel Rocha <grocha@geeksimplex.org>,
	Mike Tancsa <mike@sentex.net>, security@FreeBSD.ORG
Subject: Re: FreeBSD 4.3 local root
Message-ID: <20010712131221.A10885@xor.obsecurity.org>
References: <001f01c10af7$9b42f120$97625c42@alexus> <5.1.0.14.0.20010712132715.035c48a0@marble.sentex.ca> <001801c10b0e$1976d370$97625c42@alexus>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="Q68bSM7Ycu6FN28Q"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <001801c10b0e$1976d370$97625c42@alexus>; from ml@db.nexgen.com on Thu, Jul 12, 2001 at 04:06:12PM -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


--Q68bSM7Ycu6FN28Q
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Thu, Jul 12, 2001 at 04:06:12PM -0400, alexus wrote:
> doesn't work for me on 4.2R

Guys, you might as well just stop frobbing with the exploit and
install the patch.  The vulnerability is real, even if you can't get
this instance of the exploit to work.

Kris

--Q68bSM7Ycu6FN28Q
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7TgSkWry0BWjoQKURAnFUAKDjaUad0/YHC64SR7zeyrClndcNUACeNlCp
ajc2RzwZ9K/IQxw9NNElrA0=
=QaM+
-----END PGP SIGNATURE-----

--Q68bSM7Ycu6FN28Q--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message