Attached is a working proof-of-concept exploit for the traceroute-nanog local root hole. It works on SuSE 7.x/8.0 and maybe others too. It includes detailed information on where the vulnerability lies in the source code, problems in exploitation and solutions to those problems. It also highlights _another_ possible vulnerability in the form of a heap overflow (not yet researched). Regards, Carl
This archive was generated by hypermail 2b30 : Sat Nov 30 2002 - 12:56:28 PST