Have you posted this vulnerability to BUGTRAQ or any other sites?
I am happy for you to have discovered a 'nice' new vulnerability but without
either the source code or a full disclosure of what is happening your post
here is pretty useless.
Adam
*********** REPLY SEPARATOR ***********
On 15/04/2001 at 15:31 Peter Batenburg wrote:
>Hello,
>
>Today i got a nice new local root exploit from a friend of mine. It gives
>local root in an instant with every kernel and setuid executable available
>(even 2.4)
>Proof:
>[host host]$ id
>uid=131(host) gid=100(users) groups=100(users),111(site-adm),119(site8)
>[host host]$ ./prak /usr/bin/crontab
>bug exploited successfully.
>enjoy!
>bash# id
>uid=0(root) gid=0(root) groups=100(users),111(site-adm),119(site8)
>bash#
>
>This is with a RaQ4r: Linux ********** 2.2.14C11 #2 Wed Jun 28 00:55:51
>PDT
>2000 i586 unknown
>
>On a RaQ3: Linux ******** 2.2.14C10 #3 Wed Jun 21 15:05:10 JST 2000 i586
>unknown
>
>[bb@***** bb]$ id
>uid=174(bb) gid=100(users) groups=100(users)
>[bb@***** bb]$ ./prak /usr/bin/crontab
>bug exploited successfully.
>enjoy!
>bash# id
>uid=0(root) gid=0(root) groups=100(users)
>bash#
>
>Hopefully cobalt will release a patched kernel within some weeks.
>People from cobalt can contact me for the source.