Wyman Eric Miles wrote:
# Correct me if I'm wrong, but doesn't 105210-06 or higher address this
# under 2.6?  I've been unable to get the exploit to work on any patched
# system, though it works nicely on any architecture I've tried which
# doesn't have the patch.
#

I got it to work using the second version of the exploit (the one that
lets you specify offsets) on a 2.6 box with 105210-10 installed....

toby

# Wyman
#
# On Mon, 24 May 1999, Casper Dik wrote:
#
# > If you don't scare easily, you may try hacking libc with adb.
# >
# >
# > THIS IS NOT A SUN SUPPORTED SOLUTION; USE AT YOUR OWN RISK
# > YOUR SYSTEM MAY BE RENDERED INOPERABLE BY FOLLOWING THE INSTRUCTIONS
# > BELOW
# >
# >
# > No 100% guarantee either, it seems to work around the problem.
# >
# > This is a SPARC only solution; perhaps someone can come up with similar
# > code for IA32.
# >
# > Before we start to alter the system C library with libc make sure
# > you have SUNWsutl installed:
# >
# > $ pkginfo SUNWsutl; ls -l /usr/sbin/static
# > system      SUNWsutl       Static Utilities
# > total 4272
# > -r-xr-xr-x   3 root     bin       213908 Mar 17 22:56 cp
# > -r-xr-xr-x   3 root     bin       213908 Mar 17 22:56 ln
# > -r-xr-xr-x   3 root     bin       213908 Mar 17 22:56 mv
# > -r-sr-xr-x   1 root     bin       712652 Mar 17 22:58 rcp
# > -r-xr-xr-x   1 root     bin       762108 Mar 17 23:00 tar
# >
# >
# > On quick examination, there appear to be two functions that overflow a
# > buffer:
# >
# >         _real_setlocale
# >         load_all_locales
# >
# > (You're advised to use a different working copy of libc and only replace
# > libc carefully when you've tested the result using LD_LIBRARY_PATH)
# >
# >         adb -w /lib/libc.so.1
# >
# >         _real_setlocale,100?a^i
# >
# >         (lot of output)
# >
# >
# > Make sure to remove libc.so.1.old or place it outside usr/lib as the runtime
# > linker can accept it as LD_PRELOAD in which case you'd be back at sq 1.
# >
# >
# > Casper
# >
#
# Wyman Miles
# Systems Administrator, Rice University, Texas.
# (713) 737-5827, e-mail:wymanmat_private, pager:wymanmat_private

--
Toby Chappell              Georgia State Univ.
Systems Programmer IV      Atlanta, Georgia
tchappellat_private        (404) 651-2639
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:47:09 PDT