I can confirm that the version in FreeBSD 2.2.6 is indeed vulnerable, the stack is smashed and we are root at the time :(. Fortunately, it is not executable by anyone but root or group ospf. I would venture that Solaris x86 is vulnerable. The exploit is trivial, just change the target in your favorite local overflow and exec.

On Wed, 21 Oct 1998, Joel Eriksson wrote:

> This looks suspicious:
>
> bash$ ospf_monitor `perl -e 'print "A"x1066'`
> task_get_proto: getprotobyname("ospf") failed, using proto 89
> listening on 0.0.0.0.64527
> Segmentation Fault
>
> bash$ ls -l /usr/bin/ospf_monitor
> -rwsr-xr-x 1 root other 61892 Sep 17 1997 /usr/bin/ospf_monitor
>
> Has anyone succeeded in exploiting this? It sure looks like a
> buffer overflow to me..
>
> /Joel Eriksson
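
The thread contrasts two installs of the same setuid-root binary: mode -rwsr-xr-x in the quoted Solaris listing (any local user can run it) versus the FreeBSD install, which only root or group ospf can execute. The following is an added example, not part of either post, that makes that distinction checkable on a host; the function names classify_suid and audit_suid are hypothetical.

```shell
# Added example (not from the thread): classify setuid files by who may run them.

# classify_suid PATH
# Prints one of: missing | not-setuid | setuid-restricted | setuid-world-exec
classify_suid() {
    f=$1
    if [ ! -e "$f" ]; then
        echo missing
    elif [ -z "$(find "$f" -prune -type f -perm -4000 -print)" ]; then
        # No setuid bit: a crash here does not run with the owner's privileges.
        echo not-setuid
    elif [ -n "$(find "$f" -prune -type f -perm -4001 -print)" ]; then
        # Setuid AND executable by "other" (e.g. -rwsr-xr-x): any local
        # user can start it, so a bug in it is reachable by everyone.
        echo setuid-world-exec
    else
        # Setuid, but execute is limited to owner/group (e.g. -rwsr-x---):
        # exposure is limited to members of that group.
        echo setuid-restricted
    fi
}

# audit_suid DIR...
# Lists every setuid regular file under the given directories, one per line,
# as "<class><TAB><path>". Unreadable directories are skipped silently.
audit_suid() {
    find "$@" -type f -perm -4000 -print 2>/dev/null |
    while IFS= read -r f; do
        printf '%s\t%s\n' "$(classify_suid "$f")" "$f"
    done
}

# Typical use on a host:
#   audit_suid /usr/bin /usr/sbin | grep '^setuid-world-exec'
```

For a binary that only administrators need, dropping the setuid bit or removing execute permission for "other" moves it out of the setuid-world-exec class.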