Bugtraq mailing list archives
RE: OpenBSD 2.9,2.8 local root compromise
From: Brian McKinney <rizzdogg () noc theworks com>
Date: Thu, 14 Jun 2001 14:03:17 -0700
Was this tested on OpenBSD 2.8 release or stable?
I have tested your exploit on my OpenBSD 2.8 stable box and was
unable to get a root shell. I tried it a few times with core dumps and then
it did work a couple times but there was no link in /tmp. I went ahead and
rebooted my box, never executed /usr/bin/su and your code executed fine with
no core dumps but still had the same results with no link in /tmp. Im no C
coder but im sure this has something to do with the amount of fork()'s in
$num or the value of $joro.
my box is a P233 MMX with 64 megs of memory.
Brian
----------------------------------------- snip
----------------------------------------------
Georgi Guninski security advisory #47, 2001
OpenBSD 2.9,2.8 local root compromise
Systems affected:
OpenBSD 2.9,2.8
Current thread:
- Re: OpenBSD 2.9,2.8 local root compromise, (continued)
- Re: OpenBSD 2.9,2.8 local root compromise Jason R Thorpe (Jun 15)
- Re: OpenBSD 2.9,2.8 local root compromise Andreas Haugsnes (Jun 15)
- Re: OpenBSD 2.9,2.8 local root compromise Rick Updegrove (Jun 15)
- Re: OpenBSD 2.9,2.8 local root compromise Georgi Guninski (Jun 15)
- Re: OpenBSD 2.9,2.8 local root compromise dmuz (Jun 15)
- Re: OpenBSD 2.9,2.8 local root compromise Andreas Haugsnes (Jun 15)
- Re: OpenBSD 2.9,2.8 local root compromise Tony Lambiris (Jun 15)
- Re: OpenBSD 2.9,2.8 local root compromise Peter van Dijk (Jun 16)
- Re: OpenBSD 2.9,2.8 local root compromise Jason R Thorpe (Jun 15)
- Re: OpenBSD 2.9,2.8 local root compromise jon (Jun 15)
- RE: OpenBSD 2.9,2.8 local root compromise Brian McKinney (Jun 15)