Exploit for traceroute-nanog overflow

From: Carl Livitt (carl@learningshophull.co.uk)
Date: 11/29/02

    From: Carl Livitt <carl@learningshophull.co.uk>
    To: bugtraq@securityfocus.com
    Date: Fri, 29 Nov 2002 17:49:48 +0000

    Attached is a working proof-of-concept exploit for the traceroute-nanog local
    root hole. It works on SuSE 7.x/8.0 and maybe others too.

    It includes detailed information on where the vulnerability lies in the source
    code, problems in exploitation and solutions to those problems.

    It also highlights _another_ possible vulnerability in the form of a heap
    overflow (not yet researched).

    Regards,
    Carl