½Ã½ºÅÛ°ü¸®ÀÚÀÇ ½°ÅÍ Ä¿ÇǴнº Ä¿ÇÇÇâÀÌ ³ª´Â *NIX
Ä¿ÇǴнº
½Ã½ºÅÛ/³×Æ®¿÷/º¸¾ÈÀ» ´Ù·ç´Â °÷
 FAQFAQ   °Ë»ö°Ë»ö   ¸â¹ö¸®½ºÆ®¸â¹ö¸®½ºÆ®   »ç¿ëÀÚ ±×·ì»ç¿ëÀÚ ±×·ì   »ç¿ëÀÚ µî·ÏÇϱâ»ç¿ëÀÚ µî·ÏÇϱâ 
 °³ÀÎ Á¤º¸°³ÀÎ Á¤º¸   ºñ°ø°³ ¸Þ½ÃÁö¸¦ È®ÀÎÇÏ·Á¸é ·Î±×ÀÎÇϽʽÿÀºñ°ø°³ ¸Þ½ÃÁö¸¦ È®ÀÎÇÏ·Á¸é ·Î±×ÀÎÇϽʽÿÀ   ·Î±×Àηα×ÀΠ

°¡ÀÔ¾øÀÌ ´©±¸³ª ±ÛÀ» ¾µ ¼ö ÀÖ½À´Ï´Ù. °øÁö»çÇ׿¡ ´ëÇÑ ´ñ±Û±îÁöµµ..
IT ÀÏÁ¤ New!
ÀÚµ¿È­ ÇÁ·ÎÁ§Æ®




BBS >> ¼³Ä¡, ¿î¿µ Q&A | ³×Æ®¿÷, º¸¾È Q&A | ÀÏ¹Ý Q&A || Á¤º¸¸¶´ç | AWS || ÀÚÀ¯°Ô½ÃÆÇ | ±¸Àα¸Á÷ || °øÁö»çÇ× | ÀÇ°ßÁ¦½Ã
FreeBSD 7.x, 8.0, root±ÇÇÑȹµæ Ãë¾àÁ¡°ú ÆÐÄ¡

 
±Û ¾²±â   ´äº¯ ´Þ±â    Ä¿ÇǴнº, ½Ã½ºÅÛ ¿£Áö´Ï¾îÀÇ ½°ÅÍ °Ô½ÃÆÇ À妽º -> *NIX / IT Á¤º¸
ÀÌÀü ÁÖÁ¦ º¸±â :: ´ÙÀ½ ÁÖÁ¦ º¸±â  
±Û¾´ÀÌ ¸Þ½ÃÁö
truefeel
Ä«Æä °ü¸®ÀÚ


°¡ÀÔ: 2003³â 7¿ù 24ÀÏ
¿Ã¸° ±Û: 1277
À§Ä¡: ´ëÇѹα¹
¿Ã¸®±â¿Ã·ÁÁü: 2009.12.04 ±Ý, 3:18 pm    ÁÖÁ¦: FreeBSD 7.x, 8.0, root±ÇÇÑȹµæ Ãë¾àÁ¡°ú ÆÐÄ¡ Àοë°ú ÇÔ²² ´äº¯
11¿ù 30ÀÏ¿¡ FreeBSD¼­¹ö local¿¡¼­ root±ÇÇÑÀ» ȹµæÇÒ ¼ö ÀÖ´Â Ãë¾àÁ¡ÀÌ ³ª¿Ô´Ù.
FreeBDS 7.0, 7.1, 7.2, ¾ó¸¶Àü¿¡ ³ª¿Â 8.0µî 7.0ÀÌ»ó ¹öÀü¿¡¼­ ÀÌ ¹®Á¦°¡ ¹ß»ýÇÑ´Ù.



- FreeBSD 'execl()' Local Privilege Escalation Vulnerability
- Re: [Full-disclosure] ** FreeBSD local r00t zeroday
- Re: ** FreeBSD local r00t zeroday


¸çÄ¥µ¿¾È ÆÐÄ¡°¡ ³ª¿À±â¸¦ ±â´Ù·È´Âµ¥, µåµð¾î ÆÐÄ¡°¡ ³ª¿Ô´Ù.

FreeBSD-SA-09:16.rtld ( Improper environment sanitization in rtld(1) )
http://security.freebsd.org/advisories/FreeBSD-SA-09:16.rtld.asc


À§ °úÁ¤À» µû¶ó ±×´ë·Î ÆÐÄ¡¸¸ ÇØÁÖ¸é µÈ´Ù.


1. ÆÐÄ¡ Àü

Àοë:

$ id
uid=10??(????????) gid=0(wheel) groups=0(wheel)
$ ./execl_exploit.sh
execl_exploit.sh FreeBSD local r00t zeroday
by Kingcope
November 2009
env.c: In function 'main':
env.c:5: warning: incompatible implicit declaration of built-in function 'malloc'
env.c:9: warning: incompatible implicit declaration of built-in function 'strcpy'
env.c:11: warning: incompatible implicit declaration of built-in function 'execl'
/libexec/ld-elf.so.1: environment corrupt; missing value for
/libexec/ld-elf.so.1: environment corrupt; missing value for
/libexec/ld-elf.so.1: environment corrupt; missing value for
/libexec/ld-elf.so.1: environment corrupt; missing value for
/libexec/ld-elf.so.1: environment corrupt; missing value for
ALEX-ALEX
#
# id
uid=10??(????????) gid=0(wheel) euid=0(root) groups=0(wheel)



2. ÆÐÄ¡ Àû¿ë

Àοë:

# make install
chflags noschg /usr/libexec/ld-elf.so.1
install -s -o root -g wheel -m 555 -C -b -fschg -S ld-elf.so.1 /libexec
install -o root -g wheel -m 444 rtld.1.gz /usr/share/man/man1
/usr/share/man/man1/ld-elf.so.1.1.gz -> /usr/share/man/man1/rtld.1.gz
/usr/share/man/man1/ld.so.1.gz -> /usr/share/man/man1/rtld.1.gz
/usr/libexec/ld-elf.so.1 -> /libexec/ld-elf.so.1


3. ÆÐÄ¡ ÈÄ exploit Å×½ºÆ®

root ±ÇÇÑÀ» ¾òÀ» ¼ö ¾øÀ½À» È®ÀÎÇÒ ¼ö ÀÖ´Ù.

Àοë:

$ ./execl_exploit.sh
execl_exploit.sh FreeBSD local r00t zeroday
by Kingcope
November 2009
env.c: In function 'main':
env.c:5: warning: incompatible implicit declaration of built-in function 'malloc'
env.c:9: warning: incompatible implicit declaration of built-in function 'strcpy'
env.c:11: warning: incompatible implicit declaration of built-in function 'execl'
/libexec/ld-elf.so.1: environment corrupt; missing value for
/libexec/ld-elf.so.1: environment corrupt; aborting
$
$
À§·Î
»ç¿ëÀÚ Á¤º¸ º¸±â ºñ¹Ð ¸Þ½ÃÁö º¸³»±â ±Û ¿Ã¸°ÀÌÀÇ À¥»çÀÌÆ® ¹æ¹®
ÀÌÀü ±Û Ç¥½Ã:   
±Û ¾²±â   ´äº¯ ´Þ±â    Ä¿ÇǴнº, ½Ã½ºÅÛ ¿£Áö´Ï¾îÀÇ ½°ÅÍ °Ô½ÃÆÇ À妽º -> *NIX / IT Á¤º¸ ½Ã°£´ë: GMT + 9 ½Ã°£(Çѱ¹)
ÆäÀÌÁö 1 Áß 1

 
°Ç³Ê¶Ù±â:  
»õ·Î¿î ÁÖÁ¦¸¦ ¿Ã¸± ¼ö ÀÖ½À´Ï´Ù
´ä±ÛÀ» ¿Ã¸± ¼ö ÀÖ½À´Ï´Ù
ÁÖÁ¦¸¦ ¼öÁ¤ÇÒ ¼ö ¾ø½À´Ï´Ù
¿Ã¸° ±ÛÀ» »èÁ¦ÇÒ ¼ö ¾ø½À´Ï´Ù
ÅõÇ¥¸¦ ÇÒ ¼ö ¾ø½À´Ï´Ù


Powered by phpBB © 2001, 2005 phpBB Group