Taeho Oh wrote: > This is amd remote exploit code. This is well known bug in the internet. > It's very critical bug, please upgrade am-utils or remove it. > begin amd-ex.c > ---------------------------------------------------------------------- > /* Amd Buffer Overflow for x86 linux > > Remote user can gain root access. > > Tested redhat linux : 4.0, 5.1, 6.0 > Tested am-utils version : 6.0 We finally got around to testing this exploit against a StackGuarded amd. StackGuard stopped it, producing this intrusion detection alert in syslog: Oct 20 01:40:47 kryten amd[326]: Immunix type 1 Canary[0] = aff0d died with cadaver bffff34d in procedure real_plog. For clarification, this test was performed against am-utils-6.0a16-4, which was NOT patched against the bug that this exploit attacks. This is the general point of StackGuard protection: to defend you against bugs that you do *not* know about or have *not* patched. You can get the StackGuarded amd here: http://immunix.org/StackGuard/RH52/RPMS/am-utils-6.0a16-4_SG12.i386.rpm As usual, you can get StackGuard compiler and StackGuarded Linux systems at http://immunix.org Crispin ----- Crispin Cowan, CTO, WireX Communications, Inc. http://wirex.com Free Hardened Linux Distribution: http://immunix.org
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:08:10 PDT