Bugtraq mailing list archives
Buffer Overflows exploit for SunOS 4.1.4
From: tarreau () AEMIAIF LIP6 FR (Willy TARREAU)
Date: Tue, 8 Jul 1997 17:11:40 +0200
Hello,

about one month ago, I posted here a generic exploit for buffer overflows on SunOS 4. I didn't find a real bug which could be exploited in a standard application so my exploit applied only to my own programs.

Now, I succeeded in getting a root shell using the X11 resource manager bug ('xterm -xrm xxxxxxxxxxxxxxxxxxx...xxxxxxxxx'), which isn't new, but demonstrates that my exploit really works. As I saw, there aren't many buffer overflow exploits for SunOS, perhaps because of some complications.

My package includes a script which can automatically try several stack offsets, which could be useful when testing a wrapper in development. You can retrieve this on my web page:

http://www-miaif.lip6.fr/willy/security/sunos.html

Hope this can help somebody...

Willy Tarreau

--
+---------------+------------------------+----------------------------------+
| Willy Tarreau | tarreau () aemiaif lip6 fr | http://www-miaif.lip6.fr/willy/ |
| Magistere d'Informatique Appliquee de l'Ile de France (MIAIF), promo 97 |
| DEA A.S.I.M.E. | Universite Pierre et Marie Curie (Paris 6), FRANCE |
+-----------------+---------------------------------------------------------+