At 06:55 PM 8/5/98 +0200, you wrote: >An old one I guess known but I never saw it in the list: > >Solaris 2.4 popper has an overflow in the username explotaible obviously >as root. >It's also easy to get root's shadow entry in the core dumped just failing to >log as root before overruning the username. Depending on the revision level of 2.4 the dump will follow symolic and hard links, So why wait to crack the root password when you can slam a few files and get a full fledged uid of 0. core() is wack in pre 2.5.1(may 96) versions. Matt
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:11:47 PDT