Bugtraq mailing list archives
RE: OpenBSD 2.9,2.8 local root compromise
From: Brian McKinney <rizzdogg () noc theworks com>
Date: Thu, 14 Jun 2001 14:03:17 -0700
Was this tested on OpenBSD 2.8 release or stable? I have tested your exploit on my OpenBSD 2.8 stable box and was unable to get a root shell. I tried it a few times with core dumps and then it did work a couple times but there was no link in /tmp. I went ahead and rebooted my box, never executed /usr/bin/su and your code executed fine with no core dumps but still had the same results with no link in /tmp. Im no C coder but im sure this has something to do with the amount of fork()'s in $num or the value of $joro. my box is a P233 MMX with 64 megs of memory. Brian ----------------------------------------- snip ---------------------------------------------- Georgi Guninski security advisory #47, 2001 OpenBSD 2.9,2.8 local root compromise Systems affected: OpenBSD 2.9,2.8
Current thread:
- Re: OpenBSD 2.9,2.8 local root compromise, (continued)
- Re: OpenBSD 2.9,2.8 local root compromise Jason R Thorpe (Jun 15)
- Re: OpenBSD 2.9,2.8 local root compromise Andreas Haugsnes (Jun 15)
- Re: OpenBSD 2.9,2.8 local root compromise Rick Updegrove (Jun 15)
- Re: OpenBSD 2.9,2.8 local root compromise Georgi Guninski (Jun 15)
- Re: OpenBSD 2.9,2.8 local root compromise dmuz (Jun 15)
- Re: OpenBSD 2.9,2.8 local root compromise Andreas Haugsnes (Jun 15)
- Re: OpenBSD 2.9,2.8 local root compromise Tony Lambiris (Jun 15)
- Re: OpenBSD 2.9,2.8 local root compromise Peter van Dijk (Jun 16)
- Re: OpenBSD 2.9,2.8 local root compromise Jason R Thorpe (Jun 15)
- Re: OpenBSD 2.9,2.8 local root compromise jon (Jun 15)
- RE: OpenBSD 2.9,2.8 local root compromise Brian McKinney (Jun 15)