Bugtraq mailing list archives

load.root (loadmodule hole)


From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Fri, 15 Sep 1995 06:54:45 -0400


For anyone wondering what the loadmodule hole is, but not wanting to
grab the 8lgm exploit and try to grok it, the real secret is very
simple - and I can't understand why 8lgm didn't explain this in their
posting, rather than only in a comment in the exploit script.

The comment in question is:

# loadmodule has previously been fixed to clear IFS, apparently by
# putenv("IFS= ").  However, we can still exploit system() by
# having IFS defined twice in our environment.

                                        der Mouse

                            mouse () collatz mcrcim mcgill edu
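The weakness the quoted comment describes, as an added example that is not part of the original post or of the 8lgm script: a cleanup that overwrites only the first `IFS` entry leaves a second copy in place, while removing every copy does not. The helper names, the constructed environment and the first-match model of the earlier fix are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* True if entry has the form "name=..." for exactly this name. */
static int is_var(const char *entry, const char *name)
{
    size_t n = strlen(name);
    return strncmp(entry, name, n) == 0 && entry[n] == '=';
}

/* Model (an assumption) of a first-match update: overwrite the first
 * entry for name and stop, so a later duplicate is left untouched. */
static void set_first(char **envp, const char *name, char *entry)
{
    for (; *envp; envp++)
        if (is_var(*envp, name)) { *envp = entry; return; }
}

/* Hardened step: drop every entry for name, compacting in place. */
static void purge_all(char **envp, const char *name)
{
    char **dst = envp;
    for (char **src = envp; *src; src++)
        if (!is_var(*src, name)) *dst++ = *src;
    *dst = NULL;
}

/* Count entries for name whose value is not the known-good one. */
static int untrusted(char **envp, const char *name, const char *good)
{
    int n = 0;
    for (; *envp; envp++)
        if (is_var(*envp, name) && strcmp(*envp, good) != 0) n++;
    return n;
}

/* Run one cleanup strategy over a constructed environment that
 * defines IFS twice; return how many caller-supplied copies remain. */
int ifs_left(int purge)
{
    char *env[] = { "PATH=/usr/bin", "IFS=X", "HOME=/", "IFS=Y", NULL };
    if (purge) purge_all(env, "IFS");
    else       set_first(env, "IFS", "IFS= ");
    return untrusted(env, "IFS", "IFS= ");
}

int main(void)
{
    printf("first-match: %d, purge: %d\n", ifs_left(0), ifs_left(1));
    return 0;
}
```

A privileged program is better served by building a small, fixed environment for the child and avoiding `system()` altogether than by editing the inherited environment in place.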