lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 1 Dec 2009 18:28:33 +0100
From: Oliver Pinter <oliver.pinter@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: ** FreeBSD local r00t zeroday

On Tuesday 01 December 2009 12.59.59 r00f r00f wrote:
> I have a box with release 7.1
>
> uname -a gives back this :
>
> FreeBSD 7.1-RELEASE #0: Thu Jan  1 14:37:25 UTC 2009 i686 i686 i386
> GNU/Linux

and a freebsd uname -a looks like this:

FreeBSD foobarbaz 7.2-STABLE FreeBSD 7.2-STABLE #21 r199967+31134af: Tue Dec  
1 02:54:53 CET 2009     root@...barbaz:/usr/obj/usr/src/sys/stable  amd64

but it's a good shot ;)


>
> by running the exploit it gives me this error and doesn't getting rooted..I
> didn't do anything to patch it ..:s and it doesn't works :p
>
> FreeBSD local r00t zeroday
> by Kingcope
> November 2009
> env.c: In function 'main':
> env.c:5: warning: incompatible implicit declaration of built-in function
> 'malloc'
> env.c:9: warning: incompatible implicit declaration of built-in function
> 'strcpy'
> env.c:11: warning: incompatible implicit declaration of built-in function
> 'execl'
> "c1: error: unrecognized command line option "-fPIC
> gcc: program.o: No such file or directory
> 'cc: unrecognized option '-nostartfiles
> cp: cannot stat `w00t.so.1.0': No such file or directory
> test.sh: line 35: ./env: No such file or directory



-- 
thanks,
Oliver

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists