Remote BSD ftpd exploit (revised)

From: fish stiqz (fishat_private)
Date: Mon Apr 16 2001 - 00:07:25 PDT

    Hello Again,
    
    Here is a new version of turkey.c which fixes a design issue in the socket
    i/o which caused it to unnecessarily fail on a lot of systems.  You must have
    an account on the system to be able to use the exploit.  You could
    theoretically be an anonymous user with access to a writeable directory, but
    it would require a chroot break, which is not included in the exploit.
    
    turkey2.c works by default on all unpatched FreeBSD 4.[0-2] running the
    default ftp server and OpenBSD 2.8.  It should work elsewhere with a tiny
    bit of tuning.
    
    Take Care.
    
    - fish stiqz.
    
    --
    fish stiqz <fishat_private>
       irc>irl?werd():lame()
    
    
    


