Date:      Wed, 8 Mar 2000 14:42:54 -0800 (PST)
From:      Kris Kennaway <kris@hub.freebsd.org>
To:        security@freebsd.org
Subject:   Re: dump buffer overflow (fwd)
Message-ID:  <Pine.BSF.4.21.0003081441110.1655-100000@hub.freebsd.org>

If anyone was wondering about this, Warner fixed it more than 3 months ago
after the hole was found by the freebsd auditing project, and so 3.4-REL
is not vulnerable. It would be nice for people at least to state which
version they tested when making blanket claims of insecurity :-(

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>

---------- Forwarded message ----------
Date: Tue, 7 Mar 2000 21:14:32 -0000
From: Lamagra Argamal <lamagra@HACKERMAIL.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Re: dump buffer overflow

On FreeBSD dump has the same hole I described in my previous post. Only it is exploitable :-)
Dump with kerberos has __atexit and __cleanup after all the other variables on the heap. By overwriting these variables you can start your shellcode.

Most of the credits should go to zen-parse who found and tested this.

-lamagra

Greets to lurux, grue, typo, jolt-freak.
http://lamagra/seKure.de



