Re: GNU gcc vuln. < 3.4.3 local root (.php)

On 17 Jan 2005, at 00:30, ZzagorR ZzagorR wrote:
> #!/usr/bin/php -a
> <?
> /*
> GNU gcc vuln. < 3.4.3
> By ZzagorR (MARMARA UNIVERSITY)
> zzagorrzzagorr_at_hotmail.com
> http://www.rootbinbash.com
> thanks to [NST]
> ah vizeler ahhhhh
> */
<snip>

Ha ha ha.

Old "vulnerability". Equivalent to:

>> /* fake_vuln.c */
>> int getuid(void) { return 0; }
>> int geteuid(void) { return 0; }
>> int getgid(void) { return 0; }
>
> sh % gcc -shared fake_vuln.c -o fake_vuln.so
> sh % LD_PRELOAD=`pwd`/fake_vuln.so /bin/sh
> sh # id
> uid=0(root) gid=0(root) <etc etc etc>
> sh # cat /etc/shadow
> cat: /etc/shadow: Permission denied

The sad part is that rootbinbash.com has posted this as a real
vulnerability.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html