[26738] in bugtraq
Re: Freebsd FD exploit
daemon@ATHENA.MIT.EDU (Jacques A. Vidrine)
Mon Aug 19 20:22:36 2002
Date: Mon, 19 Aug 2002 17:05:04 -0500
From: "Jacques A. Vidrine" <nectar@FreeBSD.org>
To: dvdman <dvdman@l33tsecurity.com>
Message-ID: <20020819220504.GB40123@madman.nectar.cc>
Mail-Followup-To: "Jacques A. Vidrine" <nectar@FreeBSD.org>,
dvdman <dvdman@l33tsecurity.com>, bugtraq@lists.securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <005901c2471b$ea4bf210$6401a8c0@laptop>

On Sun, Aug 18, 2002 at 09:01:13PM -0400, dvdman wrote:
> /* Proof Of Concept exploit for the Freebsd file descriptors bug. Freebsd
> thought they fixed this months ago well guess again :P Thanks to the
> Freebsd kernel you may now enjoy local root on all freebsd <=4.6 ;) */
[...]
> And Freebsd thought they fixed this :P

Well, it _is_ fixed, as of July 30.

[...]
> thanks Georgi Guninski for ideas
[...]
> Several months ago Joost Pol <joost@pine.nl> made public almost the same
> problem. FreeBSD fixed it, but the patch does not cover all the cases.
[...]
> PROOF:
> [dvdman@xxxx:~]$ uname -a
> FreeBSD xxx.xx 4.6-STABLE FreeBSD 4.6-STABLE #1: Sat Jul27 20:16:20 GMT 2002 dvdman@xxxx:/usr/obj/usr/src/sys/xxx i386

Yes, there was a case missed. Georgi caught it and let us know about
it (thanks, Georgi!), and it was repaired around 2002-07-30 15:40:46
UTC in all branches. We released an updated advisory around then, as
well.

Cheers,
--
Jacques A. Vidrine <n@nectar.cc> http://www.nectar.cc/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se