Happy 3 month anniversary cfingerd remote bug!

From: zen-parseat_private
Date: Wed Jul 11 2001 - 09:51:24 PDT

    Remotish / localish exploit.
    
    I wrote this last night, unaware someone else was going to post something
    today.
    
    Here is another exploit for the format string problem in cfingerd<=1.4.3,
    using a slightly different method for exploiting it. Anti script-kiddied
    by me being lazy.
    
    Exploit redirects fopen() call to popen() and executes code from
    ~/.nofinger
    
    Read the comments.
    
     -- zen-parse
    
    
                       M4D PR0PZ T0 :
    
               Steven for showing me da bugz
            noid 4 b3in6 7h3r3 wh3n no1 3153 w4z
            grue 4 lurking,  g00bER 4 something
         and the rest of #roothat @ irc.pulltheplug.com
    
           4150 70 mp3.com 4 http://mp3.com/cosv
    
    This archive was generated by hypermail 2b30 : Wed Jul 11 2001 - 16:45:35 PDT