jic
02-20-2001, 03:06 PM
I got my hands on some private exploits. I am not going to give them out nor release them to bugtraq. I am just giving the admins here a heads up.
1) FreeBSD -> there is an exploit that calls getenv() in session.c that gives the user gid=dialer
2) Not really an exploit. But it 'hijacks' open() checks for a list of pids stored in /tmp/hide0r, if found it returns -1, else the address to the real open() call.
None of these are potentially dangerous but there should be some action to fix this. I am not going to release the code and refuse to do so, if I did my little inside informants who give me this stuff will smack me and stop giving me inside info.
Anyhow, that is that. If this doesn't make sense to you sorry =(.
James R. Clark II
Nethosters Inc.
http://www.nethosters.com
1) FreeBSD -> there is an exploit that calls getenv() in session.c that gives the user gid=dialer
2) Not really an exploit. But it 'hijacks' open() checks for a list of pids stored in /tmp/hide0r, if found it returns -1, else the address to the real open() call.
None of these are potentially dangerous but there should be some action to fix this. I am not going to release the code and refuse to do so, if I did my little inside informants who give me this stuff will smack me and stop giving me inside info.
Anyhow, that is that. If this doesn't make sense to you sorry =(.
James R. Clark II
Nethosters Inc.
http://www.nethosters.com