Re: Slackware 8.0 / ucd-snmpd 4.2.1 exploit works?

From: Jim Kovalchuk (raxorat_private)
Date: Sat May 04 2002 - 22:02:44 PDT

Next message: John Thornton: "Finding and exploiting buffer overflows in Windows."

Previous message: Paul Starzetz: "Re: trusting user-supplied data (was Re: FreeBSD Security AdvisoryFreeBSD-SA-02:23.stdio)"
In reply to: Paul_Asadoorian: "Slackware 8.0 / ucd-snmpd 4.2.1 exploit works?"
Next in thread: joveat_private: "Re: Slackware 8.0 / ucd-snmpd 4.2.1 exploit works?"
Reply: joveat_private: "Re: Slackware 8.0 / ucd-snmpd 4.2.1 exploit works?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Make sure the offset in the code (0xbfffd77c) is within your NOP sled.

pub  1024D/4D4E605E 2001-10-05 Jim Kovalchuk <raxorat_private>
Fingerprint: 6DF1 31C6 05E9 FCA6 02AB  386D 5640 EF8C 4D4E 605E

On Sat, 4 May 2002, Paul_Asadoorian wrote:

> I came across the following exploit on packetstorm and have been unable
> to get it to work.  It crashes the daemon but never creates a shell on
> the specified port.  Anyone else had any luck?
> 
> http://packetstormsecurity.org/0203-exploits/ucd-snmp.c
> 
> Thanks,
> Paul
> 
> A struggling SANS GCIH student 
>

Next message: John Thornton: "Finding and exploiting buffer overflows in Windows."
Previous message: Paul Starzetz: "Re: trusting user-supplied data (was Re: FreeBSD Security AdvisoryFreeBSD-SA-02:23.stdio)"
In reply to: Paul_Asadoorian: "Slackware 8.0 / ucd-snmpd 4.2.1 exploit works?"
Next in thread: joveat_private: "Re: Slackware 8.0 / ucd-snmpd 4.2.1 exploit works?"
Reply: joveat_private: "Re: Slackware 8.0 / ucd-snmpd 4.2.1 exploit works?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun May 05 2002 - 09:16:49 PDT