|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-Disclosure] GNU gcc vuln. < 3.4.3 local root (.php)
From: Andrew Farmer (andfarm
teknovis.com)
Date: Mon Jan 17 2005 - 03:39:55 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 17 Jan 2005, at 00:30, ZzagorR ZzagorR wrote:
> #!/usr/bin/php -a
> <?
> /*
> GNU gcc vuln. < 3.4.3
> By ZzagorR (MARMARA UNIVERSITY)
> zzagorrzzagorrhotmail.com
> http://www.rootbinbash.com
> thanks to [NST]
> ah vizeler ahhhhh
> */
<snip>
Ha ha ha.
Old "vulnerability". Equivalent to:
>> /* fake_vuln.c */
>> int getuid(void) { return 0; }
>> int geteuid(void) { return 0; }
>> int getgid(void) { return 0; }
>
> sh % gcc -shared fake_vuln.c -o fake_vuln.so
> sh % LD_PRELOAD=`pwd`/fake_vuln.so /bin/sh
> sh # id
> uid=0(root) gid=0(root) <etc etc etc>
> sh # cat /etc/shadow
> cat: /etc/shadow: Permission denied
The sad part is that rootbinbash.com has posted this as a real
vulnerability.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (Darwin)
iD8DBQFB64frPa6RRaKl0ScRAi5mAKD5+P/bWTxuF9iXZgQ3O0OUnVnyfgCfb/lH
xjdsPVN1iZpbxeclU8lYzws=
=1oHP
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]