Bugtraq: Re: FreeBSD 3.3 gated-3.1.5 local exploit

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: FreeBSD 3.3 gated-3.1.5 local exploit

From: kris () HUB FREEBSD ORG (Kris Kennaway)
Date: Wed, 1 Dec 1999 11:32:52 -0800


On Tue, 30 Nov 1999, Brock Tellier wrote:

/usr/local/bin/gdc contains a buffer overflow that may ONLY be exploited
by the group 'wheel'.  According to the man page the default group is
"gdmaint", but it was not installed this way by default on my system, nor
were any instructions given to make a gdmaint group.  The overflow comes


This is a problem, but it's not just with FreeBSD - obviously if you
follow these instructions then you're just giving root to members of
gdmaint, not wheel (which may in fact be worse, if you trust people to use
gdc who you don't trust with the wheel bit (i.e. those who can legally su
to root if they knew the password)).

Kris

By Date By Thread

Current thread:

FreeBSD 3.3 gated-3.1.5 local exploit Brock Tellier (Nov 30)
- Re: FreeBSD 3.3 gated-3.1.5 local exploit Kris Kennaway (Dec 01)
- Windows NT Task Scheduler vulnerability allows user to administrator elevation Arne Vidstrom (Dec 01)