Well... once again we proved that the coders are too busy to look at their code... I discovered a bug on telnetd... watch this:

===============================================
[root@localhost telnet]# telnet 127.0.0.1 -l "`perl - e 'printf "A"x9000'`"
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
Segmentation fault (core dumped)
[root@localhost telnet]#
===============================================

gdb output:

(gdb) info registers
eax    0x1         1
ecx    0x401eff00  1075773184
edx    0x807d398   134730648
ebx    0x401f19e4  1075780068
esp    0xbfffd3e8  0xbfffd3e8
ebp    0xbfffd410  0xbfffd410
esi    0x41414140  1094795584
edi    0x807d190   134730128
eip    0x40146df0  0x40146df0
eflags 0x10202     66050
cs     0x23        35
ss     0x2b        43
ds     0x2b        43
es     0x2b        43
fs     0x2b        43
gs     0x2b        43
fctrl  0x0         0
fstat  0x0         0
ftag   0x0         0
fiseg  0x0         0
fioff  0x0         0
foseg  0x0         0
fooff  0x0         0
fop    0x0         0
(gdb)

========================================

[Editor's note: in the transcript above it is the telnet client process that receives the segmentation fault and returns to the shell prompt; the post calls this a telnetd bug, but the output does not show the daemon crashing. The value in esi (0x41414140) looks derived from the "A" bytes passed to -l, which suggests the over-long login name corrupted memory in the client.]

But we can't write a local exploit, because the binary is not setuid or setgid (mode -rwxr-xr-x), so it runs only with the privileges of the user who started it:

[root@localhost telnet]# ls -al `which telnet`
-rwxr-xr-x 1 root root 130956 Mar 30 2001 /usr/kerberos/bin/telnet
[root@localhost telnet]#

========================================

--==Aramis==--