Two minor corrections, the caffiene hadn't kicked in yet: On Tuesday 31 July 2001 01:02 pm, H D Moore wrote: > Linux telnetd is very buggy, whether or not it is exploitable is a > different story. By sending many AYT's, you overwrite the netoprintf > variable with the string "\r\n[ hostname : yes]\r\n", which will eventually netoprintf is the function, netobuf is the buffer we smash. > How to calculate the number of bytes each AYT request causes to be written > to netoprintf: Same as above. -HD
This archive was generated by hypermail 2b30 : Tue Jul 31 2001 - 11:32:25 PDT