A patch is already available, but I haven't tested it yet<br><br>-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
Hi all,<br>
<br>
A short time ago a "local root" exploit was posted to the full-disclosure<br>
mailing list; as the name suggests, this allows a local user to execute<br>
arbitrary code as root.<br>
<br>
Normally it is the policy of the FreeBSD Security Team to not publicly<br>
discuss security issues until an advisory is ready, but in this case<br>
since exploit code is already widely available I want to make a patch<br>
available ASAP. Due to the short timeline, it is possible that this<br>
patch will not be the final version which is provided when an advisory<br>
is sent out; it is even possible (although highly doubtful) that this<br>
patch does not fully fix the issue or introduces new issues -- in short,<br>
use at your own risk (even more than usual).<br>
<br>
The patch is at<br>
<a href="http://people.freebsd.org/%7Ecperciva/rtld.patch" target="_blank">http://people.freebsd.org/~cperciva/rtld.patch</a><br>
and has SHA256 hash<br>
ffcba0c20335dd83e9ac0d0e920faf<div id=":p4" class="ii gt">5b4aedf366ee5a41f548b95027e3b770c1<br>
<br>
I expect a full security advisory concerning this issue will go out on<br>
Wednesday December 2nd.<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v1.4.10 (FreeBSD)<br>
<br>
iEYEARECAAYFAksUbjcACgkQFdaIBMps37LP9ACgljaYCfgVuhD2gd9Natpq4H/9<br>
i48An1mgl+Mih+AWN7J9KZ1rsiEU31IZ<br>
=MPXj<br>
-----END PGP SIGNATURE-----<br>
<br>
--<br>
Colin Percival<br>
Security Officer, FreeBSD | <a href="http://freebsd.org/" target="_blank">freebsd.org</a> | The power to serve<br>
Founder / author, Tarsnap | <a href="http://tarsnap.com/" target="_blank">tarsnap.com</a> | Online backups for the truly paranoid<br>
</div><br><br><div class="gmail_quote">2009/12/2 Harisfazillah Jamel <span dir="ltr"><<a href="mailto:linuxmalaysia@gmail.com">linuxmalaysia@gmail.com</a>></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Yes, that's right :) Once the Apache id is in, put in a shell and .... Reset<br>
the root password and SSH in.<br>
<br>
2009/12/2 Yusof Khalid - FreeBSD / OpenBSD <<a href="mailto:fryshadow@gmail.com">fryshadow@gmail.com</a>>:<br>
<div><div></div><div class="h5">> if the web application is vulnerable and someone can get through into the server, it could<br>
> be quite serious too :)<br>
><br>
> On Wed, Dec 2, 2009 at 3:07 PM, Harisfazillah Jamel<br>
> <<a href="mailto:linuxmalaysia@gmail.com">linuxmalaysia@gmail.com</a>> wrote:<br>
>><br>
>> That is why it is important that we make sure:<br>
>><br>
>> 1) user passwords must be strong so that they take a long time to break and<br>
>> we have time to patch.<br>
>> 2) System accounts or application accounts use /dev/null or<br>
>> /bin/nologin as their shell<br>
>> 3) Unused (dormant) accounts are removed.<br>
>> 4) Usernames should be unusual ones, not john mary superman :)<br>
>><br>
>> There will always be bugs. What matters is how quickly or slowly we patch. :)<br>
>><br>
>> On Wed, Dec 2, 2009 at 2:05 PM, Yusof Khalid - FreeBSD / OpenBSD<br>
>> <<a href="mailto:fryshadow@gmail.com">fryshadow@gmail.com</a>> wrote:<br>
>> > $ id<br>
>> > uid=1002(test) gid=1002(test) groups=1002(test)<br>
>> > $ sh exploit.sh<br>
>> > env env.c exploit.sh program.c program.o w00t.so.1.0 FreeBSD local r00t<br>
>> > zeroday<br>
>> > by Kingcope<br>
>> > November 2009<br>
>> > env.c: In function 'main':<br>
>> > env.c:5: warning: incompatible implicit declaration of built-in function<br>
>> > 'malloc'<br>
>> > env.c:9: warning: incompatible implicit declaration of built-in function<br>
>> > 'strcpy'<br>
>> > env.c:11: warning: incompatible implicit declaration of built-in<br>
>> > function<br>
>> > 'execl'<br>
>> > cp: /tmp/w00t.so.1.0: Permission denied<br>
>> > /libexec/ld-elf.so.1: environment corrupt; missing value for<br>
>> > /libexec/ld-elf.so.1: environment corrupt; missing value for<br>
>> > /libexec/ld-elf.so.1: environment corrupt; missing value for<br>
>> > /libexec/ld-elf.so.1: environment corrupt; missing value for<br>
>> > /libexec/ld-elf.so.1: environment corrupt; missing value for<br>
>> > ALEX-ALEX<br>
>> > # id<br>
>> > uid=1002(test) gid=1002(test) euid=0(root) groups=1002(test)<br>
>> > # uname -a<br>
>> > FreeBSD <a href="http://proxy.opigateway-local.net" target="_blank">proxy.opigateway-local.net</a> 7.2-RELEASE FreeBSD 7.2-RELEASE #0:<br>
>> > Fri<br>
>> > May 1 08:49:13 UTC 2009<br>
>> > root@walker.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386<br>
>> ><br>
>> > source : <a href="http://seclists.org/fulldisclosure/2009/Nov/371" target="_blank">http://seclists.org/fulldisclosure/2009/Nov/371</a><br>
>> ><br>
>> > I hear 8.0-Release is affected too; anyone who can test is welcome to :)<br>
>> > --<br>
>> > _________________________<br>
>> > <a href="http://blog.myinfinityx.com" target="_blank">http://blog.myinfinityx.com</a><br>
>> > _________________________<br>
>> ><br>
>> > _______________________________________________<br>
>> > PCBSD-malaysia mailing list<br>
>> > <a href="mailto:PCBSD-malaysia@lists.pcbsd.org">PCBSD-malaysia@lists.pcbsd.org</a><br>
>> > <a href="http://lists.pcbsd.org/mailman/listinfo/pcbsd-malaysia" target="_blank">http://lists.pcbsd.org/mailman/listinfo/pcbsd-malaysia</a><br>
>> ><br>
>> ><br>
>><br>
>><br>
>><br>
>> --<br>
>> My Facebook<br>
>> <a href="http://www.facebook.com/linuxmalaysia" target="_blank">http://www.facebook.com/linuxmalaysia</a><br>
>><br>
>> My Blog<br>
>> <a href="http://blog.harisfazillah.info/" target="_blank">http://blog.harisfazillah.info/</a><br>
>><br>
>> My Network<br>
>> <a href="http://linuxdotmy.multiply.com/" target="_blank">http://linuxdotmy.multiply.com/</a><br>
><br>
><br>
><br>
> --<br>
> _________________________<br>
> <a href="http://blog.myinfinityx.com" target="_blank">http://blog.myinfinityx.com</a><br>
> _________________________<br>
><br>
><br>
><br>
<br>
<br>
<br>
--<br>
My Facebook<br>
<a href="http://www.facebook.com/linuxmalaysia" target="_blank">http://www.facebook.com/linuxmalaysia</a><br>
<br>
My Blog<br>
<a href="http://blog.harisfazillah.info/" target="_blank">http://blog.harisfazillah.info/</a><br>
<br>
My Network<br>
<a href="http://linuxdotmy.multiply.com/" target="_blank">http://linuxdotmy.multiply.com/</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>_________________________<br><a href="http://blog.myinfinityx.com">http://blog.myinfinityx.com</a><br>_________________________<br>
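An added example, not part of the thread: one way to check item 2 of the checklist quoted above (system and application accounts should have a non-login shell) against passwd(5)-format data. The UID cutoff, the `/usr/sbin/nologin` entry in the allow-list, the function names and the sample accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit passwd(5)-format data for service accounts that can still get a shell.

# Shells accepted as "no login". The first two are the ones named in the
# thread; /usr/sbin/nologin is added here because FreeBSD's stock accounts use it.
NOLOGIN_SHELLS="/dev/null /bin/nologin /usr/sbin/nologin"

# Assumption: non-root UIDs up to this value are system/application accounts.
SERVICE_UID_MAX=999

# audit_service_shells FILE
# Prints one line per service account whose shell is not in the allow-list.
audit_service_shells() {
    awk -F: -v ok="$NOLOGIN_SHELLS" -v max="$SERVICE_UID_MAX" '
        BEGIN { n = split(ok, a, " "); for (i = 1; i <= n; i++) safe[a[i]] = 1 }
        /^#/ || NF != 7 { next }          # skip comments and malformed lines
        $3 == 0 { next }                  # root-equivalent accounts keep a shell
        $3 + 0 <= max + 0 && !($7 in safe) {
            # An empty shell field means /bin/sh, so it is flagged as well.
            printf "%s uid=%s shell=%s\n", $1, $3,
                   ($7 == "" ? "(empty, defaults to /bin/sh)" : $7)
        }
    ' "$1"
}

# Constructed sample input; replace with /etc/passwd on a real host.
sample_passwd() {
    cat <<'EOF'
# constructed sample, not taken from any real system
root:*:0:0:Charlie &:/root:/bin/csh
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
www:*:80:80:World Wide Web Owner:/nonexistent:/bin/sh
mysql:*:88:88:MySQL Daemon:/var/db/mysql:
backup:*:200:200:Backup job:/var/backup:/dev/null
test:*:1002:1002:Test User:/home/test:/bin/sh
EOF
}

tmp=$(mktemp) && sample_passwd > "$tmp"
audit_service_shells "$tmp"
rm -f "$tmp"
```

On the sample this reports `www` and `mysql`; the ordinary user `test` is outside the service UID range and is not reported.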