Re: dump buffer overflow

From: Lamagra Argamal (lamagraat_private)
Date: Tue Mar 07 2000 - 13:14:32 PST


    On FreeBSD, dump has the same hole I described in my previous post. Only it is exploitable :-)
    Dump with Kerberos has __atexit and __cleanup after all the other variables on the heap. By overwriting these variables you can start your shellcode.
    
    Most of the credits should go to zen-parse who found and tested this.
    
    -lamagra
    
    Greets to lurux, grue, typo, jolt-freak.
    http://lamagra/seKure.de
    
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:39:10 PDT