On Tuesday 01 December 2009 06.45.38 bk wrote:
On Nov 30, 2009, at 9:25 PM, David Berard wrote:
7.0 not vuln.
7.0 vulnerable here,
$ ./env
/libexec/ld-elf.so.1: environment corrupt; missing value for
/libexec/ld-elf.so.1: environment corrupt; missing value for
I have a box with release 7.1
uname -a gives back this :
FreeBSD 7.1-RELEASE #0: Thu Jan 1 14:37:25 UTC 2009 i686 i686 i386
GNU/Linux
by running the exploit it gives me this error and doesn't get rooted.. I
didn't do anything to patch it ..:s and it doesn't work :p
FreeBSD local r00t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi all,
A short time ago a local root exploit was posted to the full-disclosure
mailing list; as the name suggests, this allows a local user to execute
arbitrary code as root.
Normally it is the policy of the FreeBSD Security Team to not publicly
The patch is at
http://people.freebsd.org/~cperciva/rtld.patch
This patch doesn't work under FreeBSD 7.x due to nonexistent
unsetenv(LD_ ELF_HINTS_PATH); in rtld.c
This patch seems to fix the issue on FreeBSD 7.x
--- /usr/src/libexec/rtld-elf/rtld.c2008-11-25 03:59:29.0 +0100
--
Message: 7
Date: Mon, 30 Nov 2009 17:58:07 -0600
From: Paul Schmehl pschmehl_li...@tx.rr.com
Subject: Re: [Full-disclosure] Software developer looks at CRU code
To: valdis.kletni...@vt.edu, full-disclosure@lists.grok.org.uk
Message-ID:
Not to disappoint, but it doesn't look like it even compiled, might be
the reason it didn't work.
Sent from my iPhone
On 1 Dec 2009, at 11:59, r00f r00f r00f...@gmail.com wrote:
I have a box with release 7.1
uname -a gives back this :
FreeBSD 7.1-RELEASE #0: Thu Jan 1 14:37:25 UTC 2009
Confirmed on FreeBSD 8.0
$ uname -a
FreeBSD 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:48:17 UTC
2009 r...@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC
i386
$ id
uid=1001(rportvli) gid=1001(rportvli) groups=1001(rportvli)
$ ./freebsd-0day.sh
Desktop env env.c freebsd-0day.sh
Confirmed on FreeBSD 7.2-RELEASE (GENERIC).
Dawid
On 30 Nov 2009, at 22:12, Kingcope wrote:
** FreeBSD local r00t 0day
Discovered Exploited by Nikolaos Rangos also known as Kingcope.
Nov 2009 BiG TiME
Go fetch your FreeBSD r00tkitz // http://www.youtube.com/watch?v=dDnhthI27Fg
There is
LOL r00f r00f didn't have gcc installed :-O
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
On Tuesday 01 December 2009 12.59.59 r00f r00f wrote:
I have a box with release 7.1
uname -a gives back this :
FreeBSD 7.1-RELEASE #0: Thu Jan 1 14:37:25 UTC 2009 i686 i686 i386
GNU/Linux
and a freebsd uname -a looks like this:
FreeBSD foobarbaz 7.2-STABLE FreeBSD 7.2-STABLE #21
*From*: Oliver Pinter oliver.pinter () gmail com
*Date*: Tue, 1 Dec 2009 18:28:33 +0100
--
On Tuesday 01 December 2009 12.59.59 r00f r00f wrote:
I have a box with release 7.1
uname -a gives back this :
FreeBSD 7.1-RELEASE #0: Thu Jan 1 14:37:25 UTC 2009
On Tuesday 01 December 2009 18.58.55 r00f r00f wrote:
*From*: Oliver Pinter oliver.pinter () gmail com
*Date*: Tue, 1 Dec 2009 18:28:33 +0100
--
On Tuesday 01 December 2009 12.59.59 r00f r00f wrote:
I have a box with release 7.1
uname -a gives back
*From*: Oliver Pinter oliver.pinter () gmail com
*Date*: Tue, 1 Dec 2009 19:13:55 +0100
--
and what is your:
sysctl kern.osreldate ?
Here it is!
kern.osreldate: 701000
BEGIN TRANSMISSION
On Dec 1, 2009, at 10:33 AM, r00f r00f wrote:
From: Oliver Pinter oliver.pinter () gmail com
Date: Tue, 1 Dec 2009 19:13:55 +0100
and what is your:
sysctl kern.osreldate ?
Here it is!
kern.osreldate: 701000
I think we're missing the point here. The exploit didn't compile due to
his/her copy of gcc which apparently doesn't understand -fPIC
c1: error: unrecognized command line option -fPIC. Thus, obviously,
there's no chance it was ever going to work.
On Tue, Dec 1, 2009 at 7:47 PM, bk cho...@gmail.com
http://lists.grok.org.uk/pipermail/full-disclosure/2009-November/071689.html
$ uname -a
FreeBSD serev1.domena.pl 7.2-STABLE FreeBSD 7.2-STABLE #1: Tue Dec 1
19:42:43 CET 2009 r...@server1.domena.pl:/usr/src/sys/i386/compile/kern1
i386
$ ./test.sh
env env.c program.c program.o test.sh
BEGIN TRANSMISSION
7040dc5b9583e367068a06f25a7bce8a
wtf is this? .. up until the last line it looks like md5 hashes.
Number stations used to be fun to find when I was like 15 .. and I
thought for a minute this might be something funny when run through john
with format=raw-MD5, but ..meh.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michael Holstein wrote:
BEGIN TRANSMISSION
7040dc5b9583e367068a06f25a7bce8a
wtf is this? .. up until the last line it looks like md5 hashes.
Number stations used to be fun to find when I was like 15 .. and I
thought for a minute this
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200912-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
http://www.wired.com/threatlevel/2009/12/gps-data/
If you read the article, that 8 million figure is the number of
samplings, not the number of requests or the number of subscribers
monitored. The article says that they can get data every 3 minutes
over a 60 day period, which is 28,800 samples. Dividing that into 8
million gives you 278 individual
As data is gathered, there is someone who will request it.. the only
conclusion is not to gather data!
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Ivan .
Sent: Wednesday, 02 December 2009 01:30
To: full-disclosure
Except that if you look at the report, you see that one request was made just
37 seconds after the first, yet only 6 were made in the hour. So who really
knows? They can obviously request whatever they want when they want. Also,
based on what the reported statement was, anyone with a logon
In the interests of Full Disclosure, read the code yourselves:
http://di2.nu/foia/HARRY_READ_ME-0.html
-Original Message-
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of RandallM
Sent: Tuesday, December 01, 2009 5:21 AM