hi, i was looking at the mod_gzip src and found a sprintf that prints the process id and tid onto a var HOST. if you could find a way of changing, or spoofing these id's, and since they are strings, you could easily overwrite HOST with shellcode if you could spoof the pid or tid. This is probably a non-exploit, but anyone with the urge to make themselves look great and get a local nobody shell is welcome to try. "doot" ohh and i support antisec :) _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
This archive was generated by hypermail 2b30 : Tue Sep 11 2001 - 15:43:36 PDT