The patches have been available over a week now. I think that is long enough.

On the 1st of December Przemyslaw Frasunek (venglinat_private) wrote something about getting a wu-ftpd exploit working.

The problem he was having was to do with the following macro:

#define arena_for_ptr(ptr) \
 (((mchunkptr)(ptr) < top(&main_arena) && (char *)(ptr) >= sbrk_base) ? \
  &main_arena : heap_for_ptr(ptr)->ar_ptr)

He worked around it by making a hacked up version of the malloc function.

My solution: put the chunk on the heap between sbrk_base and the top value of the main_arena.

How? Get the chunk malloc()ed and stored there, then brute force it.

(The exact position varies depending on a whole lot of things, and brute forcing is nice for system admins. They have pretty good evidence that there has been an attack. ;])

-- zen-parse

P.S. Apparently there are earlier versions of this exploit floating around. Many of them are even buggier than this one, and all some of them will do is add a few hundred K to the log files.

P.P.S Sorry, but it was too much temptation to resist posting it as wu261.c. The program is a wrapper for the archive.

--
-------------------------------------------------------------------------
The preceding information is confidential and may not be redistributed without explicit permission. Legal action may be taken to enforce this. If this message was posted by zen-parseat_private to a public forum it may be redistributed as long as these conditions remain attached. If you are mum or dad, this probably doesn't apply to you.
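The post observes that brute forcing leaves administrators good evidence of an attack and that failed attempts add a few hundred K to the log files. The following is an added example, not part of the original post, of one way to surface that evidence: it flags sources whose ftpd connections arrive in a burst and reports how many log bytes each produced. The syslog line layout, host name, addresses and thresholds are constructed assumptions, not wu-ftpd's exact output.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed, generic syslog layout: "<Mon DD HH:MM:SS> <host> ftpd[<pid>]: connect from <src>"
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ ftpd\[(\d+)\]: connect from (\S+)$"
)

def build_sample():
    """Constructed sample log: one quiet client and one reconnecting every 2 s."""
    lines = ["Dec  5 03:10:00 ftphost ftpd[2000]: connect from 198.51.100.7"]
    start = datetime(2001, 12, 5, 3, 14, 0)
    for i in range(40):
        ts = (start + timedelta(seconds=2 * i)).strftime("%b %d %H:%M:%S")
        lines.append(f"{ts} ftphost ftpd[{2100 + i}]: connect from 192.0.2.50")
    lines.append("Dec  5 04:00:00 ftphost ftpd[2300]: connect from 198.51.100.7")
    return lines

def detect_bursts(lines, year=2001, window=timedelta(seconds=60), threshold=20):
    """Return {source: {"first_alert", "log_bytes"}} for sources that open
    at least `threshold` sessions within any `window`-long period."""
    recent = defaultdict(deque)      # per-source timestamps inside the window
    log_bytes = defaultdict(int)     # per-source log volume, newline included
    first_alert = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                 # not a connect line, or a different layout
        # Classic syslog timestamps carry no year, so it is supplied here.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        src = m.group(3)
        log_bytes[src] += len(line) + 1
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:    # drop sessions older than the window
            q.popleft()
        if len(q) >= threshold and src not in first_alert:
            first_alert[src] = ts
    return {s: {"first_alert": t, "log_bytes": log_bytes[s]}
            for s, t in first_alert.items()}

if __name__ == "__main__":
    for src, info in detect_bursts(build_sample()).items():
        print(src, info["first_alert"].isoformat(), info["log_bytes"], "bytes")
```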
This archive was generated by hypermail 2b30 : Wed Dec 12 2001 - 08:48:15 PST