Mariusz Marcinkiewicz wrote:
> hi,
> patch was published so i can send you exploit code
We were unable to get this sploit to actually produce a root shell on an
unprotected nfsd. However, we were able to get it to produce a StackGuard
intrusion alert when we used it to attack the StackGuarded nfsd. Here's the
intrusion alert StackGuard dropped into syslog:
Nov 11 13:03:42 kryten rpc.nfsd[330]: Immunix type 1 Canary[0] = aff0d died with
cadaver fff60661 in procedure
fh_compose.
Here's the StackGuarded nfsd:
http://immunix.org/StackGuard/RH52/RPMS/nfs-server-2.2beta37-1_SG12.i386.rpm
Crispin
-----
Crispin Cowan, CTO, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution: http://immunix.org
