Home page logo

bugtraq logo Bugtraq mailing list archives

RE: OpenBSD 2.9,2.8 local root compromise
From: Brian McKinney <rizzdogg () noc theworks com>
Date: Thu, 14 Jun 2001 14:03:17 -0700

Was this tested on OpenBSD 2.8 release or stable?

        I have tested your exploit on my OpenBSD 2.8 stable box and was
unable to get a root shell.  I tried it a few times with core dumps and then
it did work a couple times but there was no link in /tmp.  I went ahead and
rebooted my box, never executed /usr/bin/su and your code executed fine with
no core dumps but still had the same results with no link in /tmp.  Im no C
coder but im sure this has something to do with the amount of fork()'s in
$num or the value of $joro.  
my box is a P233 MMX with 64 megs of memory.  


----------------------------------------- snip
Georgi Guninski security advisory #47, 2001

OpenBSD 2.9,2.8 local root compromise

Systems affected:
OpenBSD 2.9,2.8

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]