[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] GNU gcc vuln. < 3.4.3 local root (.php)

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] GNU gcc vuln. < 3.4.3 local root (.php)
From: Andrew Farmer <andfarm@xxxxxxxxxxxx>
Date: Mon, 17 Jan 2005 01:39:55 -0800

On 17 Jan 2005, at 00:30, ZzagorR ZzagorR wrote:

#!/usr/bin/php -a
<?
/*
GNU gcc vuln. < 3.4.3
By ZzagorR (MARMARA UNIVERSITY)
zzagorrzzagorr@xxxxxxxxxxx
http://www.rootbinbash.com
thanks to [NST]
ah vizeler ahhhhh
*/

<snip>

Ha ha ha.

Old "vulnerability". Equivalent to:

/* fake_vuln.c */
int getuid(void) { return 0; }
int geteuid(void) { return 0; }
int getgid(void) { return 0; }


sh % gcc -shared fake_vuln.c -o fake_vuln.so
sh % LD_PRELOAD=`pwd`/fake_vuln.so /bin/sh
sh # id
uid=0(root) gid=0(root) <etc etc etc>
sh # cat /etc/shadow
cat: /etc/shadow: Permission denied

The sad part is that rootbinbash.com has posted this as a real vulnerability.

Attachment: PGP.sig
Description: This is a digitally signed message part

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] GNU gcc vuln. < 3.4.3 local root (.php)
  - From: Christian

References:
- [Full-Disclosure] GNU gcc vuln. < 3.4.3 local root (.php)
  - From: ZzagorR ZzagorR

Prev by Date: [Full-Disclosure] Wide spread DSV
Next by Date: Re: [Full-Disclosure] GNU gcc vuln. < 3.4.3 local root (.php)
Previous by thread: [Full-Disclosure] GNU gcc vuln. < 3.4.3 local root (.php)
Next by thread: Re: [Full-Disclosure] GNU gcc vuln. < 3.4.3 local root (.php)
Index(es):
- Date
- Thread