lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <672FC9CE-C48E-4A7A-A0BF-66587A2996DC@davidberard.fr>
Date: Tue, 1 Dec 2009 06:25:25 +0100
From: David Berard <contact@...idberard.fr>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: ** FreeBSD local r00t zeroday

> 7.0 not vuln.

7.0 vulnerable here,

$ ./env 
/libexec/ld-elf.so.1: environment corrupt; missing value for 
/libexec/ld-elf.so.1: environment corrupt; missing value for 
/libexec/ld-elf.so.1: environment corrupt; missing value for 
/libexec/ld-elf.so.1: environment corrupt; missing value for 
/libexec/ld-elf.so.1: environment corrupt; missing value for 
ALEX-ALEX
# uname -r
7.0-RELEASE-p3

> 
> On Mon, Nov 30, 2009 at 10:49 PM, Ed Carp <erc at pobox.com> wrote:
> 
>> On 11/30/09, Kingcope <kcope2 at googlemail.com> wrote:
>> 
>>> Systems tested/affected
>>> **********************************
>>> FreeBSD 8.0-RELEASE *** VULNERABLE
>>> FreeBSD 7.1-RELEASE *** VULNERABLE
>>> FreeBSD 6.3-RELEASE *** NOT VULN
>>> FreeBSD 4.9-RELEASE *** NOT VULN
>> 
>> Glad I still run 6.3!  How about 6.4?
>> 
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>> 

> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

--
David BERARD
-------------------------------------------------
contact(at)davidberard.fr
GPG|PGP KeyId 0xC8533354
GPG|PGP Key http://davidberard.fr/C8533354.gpgkey
-------------------------------------------------
*          No electrons were harmed in          *
*         the transmission of this email        *


Download attachment "PGP.sig" of type "application/pgp-signature" (164 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ