[21049] in bugtraq
Re: OpenBSD 2.9,2.8 local root compromise
daemon@ATHENA.MIT.EDU (Rick Updegrove)
Fri Jun 15 22:08:19 2001
Message-ID: <004d01c0f5dc$0b1ffd70$0200a8c0@nothing>
From: "Rick Updegrove" <dislists@updegrove.net>
To: "Andreas Haugsnes" <andreas@haugsnes.no>,
"Bugtraq" <BUGTRAQ@securityfocus.com>
Date: Fri, 15 Jun 2001 13:44:57 -0700
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
From: "Andreas Haugsnes" <andreas@haugsnes.no>
The exploit does work! It is not easy to execute, however (thank goodness). It
took me several tries on OpenBSD 2.8.
It is all about timing.
> The OpenBSD-team has known about this for -6- days (15th of June),
They knew about it a lot longer than that! There was a post before guninski's
about it that never developed into a thread for some reason. My reply to it was
rejected!
> and they haven't been able to come up with at least a temporary fix?
> I can't find anything on errata / security warnings,
> what's up with that?
It has been fixed; the patch is available.
ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/030_kernexec.patch