[luau] FreeBSD Local Root exploit... it works ;)

cpaul at telemetrybox.org cpaul at telemetrybox.org
Tue Apr 23 12:36:26 PDT 2002


Take a look at this comp.unix.admin posting:
http://groups.google.com/groups?q=checklist+security+setuid+-linux+group:alt.security&hl=en&scoring=r&selm=1991May14.101450.830%40convex.com&rnum=1

On Tue, Apr 23, 2002 at 09:25:00AM -1000, R. Scott Belford wrote:
> Hold on.  This defies all that I understand about *bsd. (very easy to do 
> since I know so little)   You are telling me that there is a local root 
> exploit, known of for 13 years, that you are able to take advantage of 
> today?  Does this mean that freebsd boxes are running with this hole now 
> if no one patched them?  I thought this distribution was know to be more 
> responsive to security issues?  Most interesting.
> 
> scott
> 
> On Tuesday, April 23, 2002, at 08:59  AM, cpaul at telemetrybox.org wrote:
> 
> >Well, according to the Bugtraq list, this is an ancient bug that was 
> >reported in 1989.
> >
> >On Tue, Apr 23, 2002 at 08:56:20AM -1000, R. Scott Belford wrote:
> >>I did not think *bsd distros had such holes.  How long does it usually
> >>take the team to patch them?
> >>
> >>scott
> >>
> >_______________________________________________
> >LUAU mailing list
> >LUAU at videl.ics.hawaii.edu
> >http://videl.ics.hawaii.edu/mailman/listinfo/luau
> >
> 
> _______________________________________________
> LUAU mailing list
> LUAU at videl.ics.hawaii.edu
> http://videl.ics.hawaii.edu/mailman/listinfo/luau

-- 
"The human brain is like an enormous fish - it is flat and slimy and has gills through which it can see." - Monty Python
GPG key: http://linefeed.org/~epsas/epsas.asc
fingerprint: 4819 FBE0 5BE3 83FE E788  1AA4 A91C 5FB0 E3FF 4F9D



More information about the LUAU mailing list