Re: suid scotty (ntping) overflow (fwd)

From: Kris Kennaway (krisat_private)
Date: Thu Jun 21 2001 - 19:17:37 PDT


    On Thu, Jun 21, 2001 at 10:55:48AM -0400, Larry W. Cashdollar wrote:
    > 
    > This has circulated on vuln-dev; not sure if it made it here yet.  Vendor 
    > has been notified and released a fixed version 2.1.11.  
    > 
    > My exploit:
    > http://vapid.dhs.org/ntping_exp.c
    > 
    > There is a much better exploit out there, but I am not sure if I have
    > permission to distribute it.  So I will leave that to the author.
    
    Curious that they didn't respond when I told them about this last
    August.  The port has been disabled in FreeBSD since then, but I kept
    on forgetting about it which is why we never followed up with an
    advisory.
    
    Kris
    
    
    


