Re: Solaris 2.4 pop buffer overrun

From: Matthew R. Potter (mpotterat_private)
Date: Fri Aug 07 1998 - 13:29:22 PDT


    At 06:55 PM 8/5/98 +0200, you wrote:
    >An old one I guess known but I never saw it in the list:
    >
    >Solaris 2.4 popper has an overflow in the username exploitable obviously
    >as root.
    >It's also easy to get root's shadow entry in the core dumped just failing to
    >log as root before overrunning the username.
    
    Depending on the revision level of 2.4 the dump will follow symbolic and
    hard links, so why wait to crack the root password when you can slam a few
    files and get a full fledged uid of 0. core() is wack in pre 2.5.1 (May 96)
    versions.
    
    Matt
    


