Bugtraq mailing list archives
Re: FreeBSD 4.3 local root
From: Foldi Tamas <crow () kapu hu>
Date: 13 Jul 2001 13:39:02 +0200
Quick workaround is to limit arguments, environment and filter non-ascii characters: http://www.frasunek.com/sources/security/rexec/
This workaround not complete, because it doesn't protect for the bug exploitation. For example the attacker can send the shellcode via stdin to the suid program. It's address can also be determined with removing the suid bit from the program, and tracing it non-root. What's your opinion? (BTW, rexec is generally a good idea, we like it) Best regards, Megyer Ur (lez), Foldi Ur -- . . _ __ ______________________________________________________ __ _ . . Foldi Tamas - We Are The Hashmark In The Rootshell - Security Consultant crow () kapu hu - PGP: finger://crow () thot banki hu - (+3630) 221-7477
Current thread:
- Re: FreeBSD 4.3 local root Przemyslaw Frasunek (Jul 11)
- Re: FreeBSD 4.3 local root Matias Sedalo (Jul 15)
- Re: FreeBSD 4.3 local root Foldi Tamas (Jul 15)
- Re: FreeBSD 4.3 local root Przemyslaw Frasunek (Jul 15)