Open Source and information security mailing list archives
 
Message-ID: <20021121061802.11467.qmail@web13104.mail.yahoo.com>
From: d4yj4y at yahoo.com (Day Jay)
Subject: buffer overflow in "testver" on Slackware NOT SETUID ROOT

Chung's Donut Shop Release
==========================
www.vapid.org/dorian/chungs
For Linux Slackware 8.x

There's a buffer overflow in "testver" on Slackware
8.x. If you pass an argument to testver longer than
4074 bytes it segfaults. Oops. That's plenty of room
to insert shellcode. testver is NOT setuid root. If it
was, the attached proof of concept code would give you
a root shell. Since it's not, the attached code gives
you a normal shell.
              
This issue was found by d4y-j4y and the attached
proof of lamerness was written by d4y-j4y.
d4yj4y@...oo.com

Regards,
d4y-j4y
	 
     


-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: testver_smash.txt
Url: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20021120/4fc336d1/testver_smash.txt
