Re: Eterm SGID utmp Buffer Overflow (Local)

From: Simon 'corecode' Schubert (corecodeat_private)
Date: Mon Jan 14 2002 - 14:10:38 PST

Next message: s1gnal_9 : "Bugs? in Microsoft RDP protocol, & Questions."

Previous message: Charles 'core' Stevenson: "Eterm SGID utmp Buffer Overflow (Local)"
In reply to: Charles 'core' Stevenson: "Eterm SGID utmp Buffer Overflow (Local)"
Next in thread: Charles 'core' Stevenson: "Re: Eterm SGID utmp Buffer Overflow (Local)"
Reply: Charles 'core' Stevenson: "Re: Eterm SGID utmp Buffer Overflow (Local)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 13 Jan 2002 07:57:57 -0700 "Charles 'core' Stevenson"
<coreat_private> wrote:

> I found this last night looking for suids to overflow.  Tested on
> Debian PowerPC Unstable. Yields gid utmp from which higher priveleges
> could be gained with a little effort. I haven't looked too close but I
> think the overflow might be in imlib2.

could this be sploited under x86 as well?
i don't see a way but this doesn't say anything... what do others say?

cheerz
  corecode

-- 
/"\   http://corecode.ath.cx/
\ /
 \     ASCII Ribbon Campaign
/ \  Against HTML Mail and News

application/pgp-signature attachment: stored

Next message: s1gnal_9 : "Bugs? in Microsoft RDP protocol, & Questions."
Previous message: Charles 'core' Stevenson: "Eterm SGID utmp Buffer Overflow (Local)"
In reply to: Charles 'core' Stevenson: "Eterm SGID utmp Buffer Overflow (Local)"
Next in thread: Charles 'core' Stevenson: "Re: Eterm SGID utmp Buffer Overflow (Local)"
Reply: Charles 'core' Stevenson: "Re: Eterm SGID utmp Buffer Overflow (Local)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jan 14 2002 - 14:35:15 PST