lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 30 Nov 2009 21:45:38 -0800
From: bk <chort0@...il.com>
To: David Berard <contact@...idberard.fr>,
 full-disclosure@...ts.grok.org.uk
Subject: Re: ** FreeBSD local r00t zeroday



On Nov 30, 2009, at 9:25 PM, David Berard wrote:

>> 7.0 not vuln.
> 
> 7.0 vulnerable here,
> 
> $ ./env 
> /libexec/ld-elf.so.1: environment corrupt; missing value for 
> /libexec/ld-elf.so.1: environment corrupt; missing value for 
> /libexec/ld-elf.so.1: environment corrupt; missing value for 
> /libexec/ld-elf.so.1: environment corrupt; missing value for 
> /libexec/ld-elf.so.1: environment corrupt; missing value for 
> ALEX-ALEX
> # uname -r
> 7.0-RELEASE-p3

Here as well:

bin/Kingcope.sh: new file: 35 lines, 772 characters.
[chort@...on ~]$ chmod +x bin/Kingcope.sh 
[chort@...on ~]$ Kingcope.sh 
bin ktrace.out scratch vent_stalk FreeBSD local r00t zeroday
by Kingcope
November 2009
env.c: In function 'main':
env.c:5: warning: incompatible implicit declaration of built-in function 'malloc'
env.c:9: warning: incompatible implicit declaration of built-in function 'strcpy'
env.c:11: warning: incompatible implicit declaration of built-in function 'execl'
/libexec/ld-elf.so.1: environment corrupt; missing value for 
/libexec/ld-elf.so.1: environment corrupt; missing value for 
/libexec/ld-elf.so.1: environment corrupt; missing value for 
/libexec/ld-elf.so.1: environment corrupt; missing value for 
/libexec/ld-elf.so.1: environment corrupt; missing value for 
ALEX-ALEX
# whoami
root
# uname -a
FreeBSD demon.smtps.net 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008     root@...an.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386

It's a VM if that matters.

--
chort

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists