Exploit for traceroute-nanog overflow

From: Carl Livitt (carlat_private)
Date: Fri Nov 29 2002 - 09:49:48 PST

Next message: jari.heleniusat_private: "Potential Vuln in McAfee VirusScan 451"

Previous message: Thomas Biege: "SuSE Security Announcement: pine (SuSE-SA:2002:046)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Attached is a working proof-of-concept exploit for the traceroute-nanog local 
root hole. It works on SuSE 7.x/8.0 and maybe others too.

It includes detailed information on where the vulnerability lies in the source 
code, problems in exploitation and solutions to those problems.

It also highlights _another_ possible vulnerability in the form of a heap 
overflow (not yet researched).

Regards,
Carl

text/x-csrc attachment: traceroute-exploit.c

Next message: jari.heleniusat_private: "Potential Vuln in McAfee VirusScan 451"
Previous message: Thomas Biege: "SuSE Security Announcement: pine (SuSE-SA:2002:046)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Nov 30 2002 - 12:56:28 PST