Another exploit for cfingerd <= 1.4.3-8

From: teleh0r (teleh0r@digit-labs.org)
Date: Wed Jul 11 2001 - 11:19:19 PDT

    Dear bugtraq readers,
    
    This is another exploit for the flaw found by Steven Van Acker.
    http://www.securityfocus.com/archive/1/192844
    
    In order to allow for more nops, I have constructed the payload
    like this:
    
    <82 nops><jmp 0x4><retaddr><shellcode>
    
    [teleh0r@localhost teleh0r]$ ./cfingerd-exploit.pl -s 1
    Address: 0xbffff46c
    Exploit attempt succeeded!
    [teleh0r@localhost teleh0r]#
    
    Tested against cfingerd 1.4.3-8.
    
    Sincerely yours,
    teleh0r
    http://www.digit-labs.org/teleh0r/
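
A detection sketch for the payload layout quoted in the message above, added here as an example; it is not part of the original post or of the exploit. It flags byte buffers (for instance captured request data) that contain a NOP run followed by a short jump and a stack-range address. It assumes 32-bit x86 encodings (`0x90`, `EB 04`) and a `0xbf......` stack window; `find_sled_payloads`, `MIN_SLED` and the sample buffers are hypothetical and constructed.

```python
import re
import struct

# Assumptions (not stated in the post): 32-bit x86 encodings and the classic
# Linux/x86 user stack range, which the printed address 0xbffff46c falls in.
JMP_SHORT_4 = b"\xeb\x04"                    # "jmp short +4": skips the 4-byte address
MIN_SLED = 16                                # hypothetical threshold; the post uses 82
STACK_LO, STACK_HI = 0xBF000000, 0xC0000000  # assumed stack address window

# NOP run (0x90), the short jump, then four bytes captured as a candidate address.
PATTERN = re.compile(rb"\x90{%d,}\xeb\x04(.{4})" % MIN_SLED, re.DOTALL)


def find_sled_payloads(data: bytes):
    """Return one finding per <nops><jmp 0x4><retaddr> sequence in data."""
    findings = []
    for m in PATTERN.finditer(data):
        (addr,) = struct.unpack("<I", m.group(1))  # little-endian 32-bit value
        if not STACK_LO <= addr < STACK_HI:
            continue  # four bytes after the jump do not look like a stack pointer
        findings.append({
            "offset": m.start(),
            "sled_len": len(m.group(0)) - len(JMP_SHORT_4) - 4,
            "ret_addr": addr,
        })
    return findings


def constructed_samples():
    """Constructed test buffers; the suspicious one carries no real shellcode."""
    return {
        "benign": b"root\r\n",
        "nops_only": b"\x90" * 40 + b"no jump follows",
        "wrong_addr": b"\x90" * 82 + JMP_SHORT_4 + struct.pack("<I", 0x08049000),
        "suspicious": b"A" * 8 + b"\x90" * 82 + JMP_SHORT_4
                      + struct.pack("<I", 0xBFFFF46C) + b"<placeholder bytes>",
    }


if __name__ == "__main__":
    for name, buf in constructed_samples().items():
        for hit in find_sled_payloads(buf):
            print(f"{name}: offset={hit['offset']} sled={hit['sled_len']} "
                  f"addr={hit['ret_addr']:#010x}")
```

The address-range check is what keeps the rule from firing on arbitrary binary data that happens to contain `0x90` padding; widen or narrow `STACK_LO`/`STACK_HI` for the platform being monitored.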
    
    



    This archive was generated by hypermail 2b30 : Wed Jul 11 2001 - 16:47:53 PDT