bin/90228: lokal rooting
Ph03n1X
king_purba at yahoo.co.uk
Sun Dec 11 01:10:05 PST 2005
>Number: 90228
>Category: bin
>Synopsis: lokal rooting
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Dec 11 09:10:03 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Ph03n1X
>Release: 6.0 releses
>Organization:
nightlogin gadjah mada university
>Environment:
FreeBSD student.te.ugm.ac.id 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Thu Nov 3 09:36:13 UTC 2005 root at x64.samsco.home:/usr/obj/usr/src/sys/GENERIC i386
>Description:
This is the vulneralability description :
$cat tes.c
main()
{
setuid(0);
setgid(0);
system("/bin/sh");
}
$su -
Password:
#gcc -o tes tes.c
#chmod +s tes
#exit
$id
uid=1228(shelda03) gid=1228(shelda03) groups=1228(shelda03)
$./tes
#id
uid=0(root) gid=0(wheel) groups=0(wheel), 1228(shelda03)
>How-To-Repeat:
I don't know
>Fix:
I don't know
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list