[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] GNU gcc vuln. < 3.4.3 local root (.php)

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] GNU gcc vuln. < 3.4.3 local root (.php)
From: Christian <evilninja@xxxxxxx>
Date: Tue, 18 Jan 2005 05:16:39 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andrew Farmer schrieb:
> 
> Old "vulnerability". Equivalent to:
> 
>>> /* fake_vuln.c */
>>> int getuid(void) { return 0; }
>>> int geteuid(void) { return 0; }
>>> int getgid(void) { return 0; }
>>
>>
>> sh % gcc -shared fake_vuln.c -o fake_vuln.so
>> sh % LD_PRELOAD=`pwd`/fake_vuln.so /bin/sh
>> sh # id
>> uid=0(root) gid=0(root) <etc etc etc>
>> sh # cat /etc/shadow
>> cat: /etc/shadow: Permission denied

there is even a package in my linux-distribution for this, called "fakeroot":

evil@sheep:~$ fakeroot
root@sheep:~# whoami
root

- --
BOFH excuse #38:

secretary plugged hairdryer into UPS
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFB7I2nC/PVm5+NVoYRAo+VAJ46m6C9v61ukMCq8p525h8CxNrGcQCfbqbO
uNmpG/WGygmCtHgGq/fHX48=
=0/7e
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] GNU gcc vuln. < 3.4.3 local root (.php)
  - From: ZzagorR ZzagorR
- Re: [Full-Disclosure] GNU gcc vuln. < 3.4.3 local root (.php)
  - From: Andrew Farmer

Prev by Date: Re: [Full-Disclosure] Steam looses its power
Next by Date: [Full-Disclosure] [USN-61-1] vim vulnerabilities
Previous by thread: Re: [Full-Disclosure] GNU gcc vuln. < 3.4.3 local root (.php)
Next by thread: Re: [Full-Disclosure] GNU gcc vuln. < 3.4.3 local root (.php)
Index(es):
- Date
- Thread