[luau] FreeBSD Local Root exploit... it works ;)
R. Scott Belford
sctinc at flex.com
Tue Apr 23 13:00:09 PDT 2002
Thanks. Checking it out now.... Wow. 1991. And this still works?
Amazing. How can it not be patched? Thanks for the info, Charles, very
interesting.
scott
On Tuesday, April 23, 2002, at 09:36 AM, cpaul at telemetrybox.org wrote:
> Take a look at this comp.unix.admin posting:
> http://groups.google.com/groups?q=checklist+security+setuid+-linux+group:
> alt.security&hl=en&scoring=r&selm=1991May14.101450.830%40convex.com&rnum=
> 1
>
> On Tue, Apr 23, 2002 at 09:25:00AM -1000, R. Scott Belford wrote:
>> Hold on. This defies all that I understand about *bsd. (very easy to
>> do
>> since I know so little) You are telling me that there is a local root
>> exploit, known of for 13 years, that you are able to take advantage of
>> today? Does this mean that freebsd boxes are running with this hole
>> now
>> if no one patched them? I thought this distribution was know to be
>> more
>> responsive to security issues? Most interesting.
>>
>> scott
>>
>> On Tuesday, April 23, 2002, at 08:59 AM, cpaul at telemetrybox.org wrote:
>>
>>> Well, according to the Bugtraq list, this is an ancient bug that was
>>> reported in 1989.
>>>
>>> On Tue, Apr 23, 2002 at 08:56:20AM -1000, R. Scott Belford wrote:
>>>> I did not think *bsd distros had such holes. How long does it
>>>> usually
>>>> take the team to patch them?
>>>>
>>>> scott
>>>>
>>> _______________________________________________
>>> LUAU mailing list
>>> LUAU at videl.ics.hawaii.edu
>>> http://videl.ics.hawaii.edu/mailman/listinfo/luau
>>>
>>
>> _______________________________________________
>> LUAU mailing list
>> LUAU at videl.ics.hawaii.edu
>> http://videl.ics.hawaii.edu/mailman/listinfo/luau
>
> --
> "The human brain is like an enormous fish - it is flat and slimy and
> has gills through which it can see." - Monty Python
> GPG key: http://linefeed.org/~epsas/epsas.asc
> fingerprint: 4819 FBE0 5BE3 83FE E788 1AA4 A91C 5FB0 E3FF 4F9D
> _______________________________________________
> LUAU mailing list
> LUAU at videl.ics.hawaii.edu
> http://videl.ics.hawaii.edu/mailman/listinfo/luau
>
More information about the LUAU
mailing list