Re: [xforceat_private: ISSalert: ISS Advisory: Buffer Overflow in /bin/login]

From: Wietse Venema (wietseat_private)
Date: Wed Dec 12 2001 - 16:07:07 PST


    Dan Stromberg:
    > The CERT advisory says this is multiplatform.
    > 
    > Could someone give me the exploit please?  I'd like to test a workaround.
    
    Traditionally SYSV login accepts "username name=value name=value..."
    both from the command line and from stdin. It isn't hard to find out
    if you can/cannot clobber process memory by specifying a sufficient
    number of name=value values.
    
    	Wietse
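
Added example, not part of the original message and not code from any vendor's login: a bounds-checked parser for the "username name=value ..." input form described above, assuming the pairs are kept in a fixed-size array. `MAX_ENV_ARGS`, `struct login_args`, and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ENV_ARGS 16              /* assumed limit for this sketch */

struct login_args {
    char *user;
    char *env[MAX_ENV_ARGS];         /* pointers into the caller's line */
    int   nenv;
};

/* Return the next whitespace-delimited token, NUL-terminating it in place. */
static char *next_token(char **p)
{
    char *s = *p + strspn(*p, " \t\r\n");
    if (*s == '\0') return NULL;
    char *e = s + strcspn(s, " \t\r\n");
    if (*e != '\0') *e++ = '\0';
    *p = e;
    return s;
}

/* Parse "username name=value ...". Returns 0 on success, -1 on a missing
 * username, a malformed token, or more pairs than the array can hold. */
int parse_login_line(char *line, struct login_args *out)
{
    char *tok;
    memset(out, 0, sizeof(*out));
    out->user = next_token(&line);
    if (out->user == NULL || strchr(out->user, '=') != NULL)
        return -1;
    while ((tok = next_token(&line)) != NULL) {
        char *eq = strchr(tok, '=');
        if (eq == NULL || eq == tok)
            return -1;               /* not of the form name=value */
        if (out->nenv >= MAX_ENV_ARGS)
            return -1;               /* reject before writing past env[] */
        out->env[out->nenv++] = tok;
    }
    return 0;
}

/* Build a constructed line with n name=value pairs and parse it. */
int parse_with_n_pairs(int n)
{
    char buf[4096] = "alice";
    struct login_args a;
    size_t len = strlen(buf);
    for (int i = 0; i < n && len + 8 < sizeof(buf); i++)
        len += (size_t)snprintf(buf + len, sizeof(buf) - len, " V%d=x", i);
    return parse_login_line(buf, &a);
}
```

To test a workaround, the same boundary values (at the limit, one past it, far past it) are the inputs worth feeding to the parser and confirming it rejects them rather than crashing.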
    