Date: Wed, 8 Mar 2000 14:42:54 -0800 (PST)
From: Kris Kennaway <kris@hub.freebsd.org>
To: security@freebsd.org
Subject: Re: dump buffer overflow (fwd)
Message-ID: <Pine.BSF.4.21.0003081441110.1655-100000@hub.freebsd.org>
If anyone was wondering about this, Warner fixed it more than 3 months ago after the hole was found by the FreeBSD auditing project, and so 3.4-REL is not vulnerable. It would be nice for people at least to state which version they tested when making blanket claims of insecurity :-(

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>

---------- Forwarded message ----------
Date: Tue, 7 Mar 2000 21:14:32 -0000
From: Lamagra Argamal <lamagra@HACKERMAIL.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Re: dump buffer overflow

On FreeBSD, dump has the same hole I described in my previous post. Only it is exploitable :-)

Dump with Kerberos has __atexit and __cleanup after all the other variables on the heap. By overwriting these variables you can start your shellcode.

Most of the credits should go to zen-parse, who found and tested this.

-lamagra

Greets to lurux, grue, typo, jolt-freak.
http://lamagra/seKure.de