| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 20 Feb 2005 07:07:51 -0600 From: H D Moore <sflist@...italoffense.net> To: bugtraq@...urityfocus.com Subject: Re: Knox Arkeia remote root/system exploit The metasploit project has released two exploits for this flaw: http://metasploit.com/projects/Framework/exploits.html#arkeia_type77_win32 http://metasploit.com/projects/Framework/exploits.html#arkeia_type77_macos The win32 exploit has targets for every version of Arkeia between 4.2 and 5.3.3. The macos exploit should work across a large range of versions with no modifications. Both of these exploits have the capability to dump the remote system information and Arkeia version[1]. This bug looks difficult or even impossible to exploit on the Solaris 64bit platform; the main() function calls exit()[2] before the final return to the overwritten stack pointer. It may be possible to use one of the local variable overwrites to an advantage, but at first glance it seems unlikely. -HD 1. There are worse problems here than stack overflows... 2. It actually calls doexit() which in turn calls exit() On Friday 18 February 2005 10:29, John Doe wrote: > /* > * Knox Arkeia Server Backup > * arkeiad local/remote root exploit > * Targets for Redhat 7.2/8.0, Win2k SP2/SP3/SP4, WinXP SP1, Win 2003 EE > * Works up to current version 5.3.x > [ snip ] > */
Powered by blists - more mailing lists