Bugtraq mailing list archives
debian/suse man exploit
From: fish stiqz <fish () ANALOG ORG>
Date: Tue, 13 Mar 2001 21:20:33 -0500
Heres another exploit for the debian/suse man -l format string bug discussed a bit earlier. It bypasses Solar Designer's non-exec stack patch and should work out of the box on Debian 2.2. There is a detailed explanation of how to get the offsets for other distributions (such as SuSE). I dont have access to any SuSE machines but I would love it if you guys/gals give it a test. Just follow what I did in the comments. As always, for updates see http://gibson.analog.org/security Have a great day! Later, fish stiqz. -- fish stiqz <fish () analog org> irc>irl?werd():lame()
Attachment:
manhole.c
Description:
Current thread:
- debian/suse man exploit fish stiqz (Mar 13)