[11664] in bugtraq
Re: FreeBSD (and other BSDs?) local root explot
daemon@ATHENA.MIT.EDU (Stas Kisel)
Thu Sep 2 23:50:05 1999
Message-Id: <199909010805.MAA24754@sonet.crimea.ua>
Date: Wed, 1 Sep 1999 12:05:01 +0400
Reply-To: Stas Kisel <stas@SONET.CRIMEA.UA>
From: Stas Kisel <stas@SONET.CRIMEA.UA>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
> From: Ollivier Robert <roberto@EUROCONTROL.FR>
> Subject: Re: FreeBSD (and other BSDs?) local root explot
>
> According to Todd C. Miller:
> > that one of the FreeBSD guys was recently working on incorporating
> > changes from the OpenBSD fts.c. I don't see the relevant change in
> > FreeBSD-current though.
> It has been committed to all three branches, 4.0-CURRENT, 3.2-STABLE and
> even 2.2-STABLE.
> Log:
> Don't follow symlinks on coredumps and ktrace.
This does not fix the bug in fts.c.
I believe that this bug can be exploited to gain root privileges in other
way than overwriting files with a core.
I still have not exploit, so this is theoretical problem only.
But many people like "to make theoretical practical" :)
\bye
Stas
