[21035] in bugtraq
RE: OpenBSD 2.9,2.8 local root compromise
daemon@ATHENA.MIT.EDU (Brian McKinney)
Fri Jun 15 13:09:48 2001
Message-ID: <70465867425FD411A011006008926532013ACB@noc.theworks.com>
From: Brian McKinney <rizzdogg@noc.theworks.com>
To: "'Georgi Guninski'" <guninski@guninski.com>
Cc: "'BUGTRAQ@securityfocus.com'" <BUGTRAQ@securityfocus.com>
Date: Thu, 14 Jun 2001 14:03:17 -0700
MIME-Version: 1.0
Content-Type: text/plain;
charset="koi8-r"
Was this tested on OpenBSD 2.8 release or stable?
I have tested your exploit on my OpenBSD 2.8 stable box and was
unable to get a root shell. I tried it a few times with core dumps and then
it did work a couple times but there was no link in /tmp. I went ahead and
rebooted my box, never executed /usr/bin/su and your code executed fine with
no core dumps but still had the same results with no link in /tmp. Im no C
coder but im sure this has something to do with the amount of fork()'s in
$num or the value of $joro.
my box is a P233 MMX with 64 megs of memory.
Brian
----------------------------------------- snip
----------------------------------------------
Georgi Guninski security advisory #47, 2001
OpenBSD 2.9,2.8 local root compromise
Systems affected:
OpenBSD 2.9,2.8
