RE: OpenBSD 2.9,2.8 local root compromise

From: Brian McKinney (rizzdoggat_private)
Date: Thu Jun 14 2001 - 14:03:17 PDT

Next message: Colby Rice: "Windows 2k SP2 breaks security fix should reapply"

Previous message: Dinos Pastos: "RE: personal web server directory traversal vulnerability patch"
Maybe in reply to: Georgi Guninski: "OpenBSD 2.9,2.8 local root compromise"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Was this tested on OpenBSD 2.8 release or stable?

	I have tested your exploit on my OpenBSD 2.8 stable box and was
unable to get a root shell.  I tried it a few times with core dumps and then
it did work a couple times but there was no link in /tmp.  I went ahead and
rebooted my box, never executed /usr/bin/su and your code executed fine with
no core dumps but still had the same results with no link in /tmp.  Im no C
coder but im sure this has something to do with the amount of fork()'s in
$num or the value of $joro.  
my box is a P233 MMX with 64 megs of memory.  

Brian


----------------------------------------- snip
----------------------------------------------
Georgi Guninski security advisory #47, 2001

OpenBSD 2.9,2.8 local root compromise

Systems affected:
OpenBSD 2.9,2.8

Next message: Colby Rice: "Windows 2k SP2 breaks security fix should reapply"
Previous message: Dinos Pastos: "RE: personal web server directory traversal vulnerability patch"
Maybe in reply to: Georgi Guninski: "OpenBSD 2.9,2.8 local root compromise"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jun 15 2001 - 10:10:23 PDT