On Wed, 11 Nov 2009, Damian Weber wrote:
On Wed, 11 Nov 2009, Bjoern A. Zeeb wrote:
Date: Wed, 11 Nov 2009 17:37:50 +0000 (UTC)
From: Bjoern A. Zeeb <bzeeb-li...@lists.zabbadoz.net>
To: Oliver Pinter <oliver.p...@gmail.com>
Cc: freebsd-security@freebsd.org, wkos...@freebsd.org
Subject: Re: 2009-07-20 FreeBSD 7.2 (pecoff executable) Local Denial of
Service Exploit 23 R D Shaun Colley
On Mon, 20 Jul 2009, Oliver Pinter wrote:
Hi,
http://milw0rm.com/exploits/9206
has anyone actually been able to reproduce a problem scenario with
this on any supported releases (7.x or 6.x)?
The only thing I gould get from that was:
execve returned -1, errno=8: Exec format error
FWIW, I got another result on 6.4-STABLE
FreeBSD mymachine.local 6.4-STABLE FreeBSD 6.4-STABLE #6: Sat Oct 3 13:06:12
CEST 2009 r...@hypercrypt.local:/usr/obj/usr/src/sys/MYMACHINE i386
$ ./pecoff
MZaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaîîîîaaaa
[I'm truncating here, ~3500 a's follow]aaaaa: File name too long
Not sure if you'd see it with ktrace or not; I ran into that with my
tests as well and was told that it's a shell problem.
try to run it from this:
------------------------------------------------------------------------
#include <unistd.h>
#include <err.h>
int
main(int argc, char *argv[])
{
if (execl("./pecoff", "./pecoff", NULL) == -1)
err(1, "execl()");
return (0);
}
------------------------------------------------------------------------
/bz
--
Bjoern A. Zeeb It will not break if you know what you are doing._______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
