debian/suse man exploit

[fish stiqz <fish () ANALOG ORG>]

Heres another exploit for the debian/suse man -l format string bug
discussed a bit earlier.  It bypasses Solar Designer's non-exec stack
patch and should work out of the box on Debian 2.2.  There is a detailed
explanation of how to get the offsets for other distributions (such as
SuSE).  I dont have access to any SuSE machines but I would love it
if you guys/gals give it a test.  Just follow what I did in the comments.

As always, for updates see http://gibson.analog.org/security

Have a great day!
Later,
fish stiqz.

--
fish stiqz <fish () analog org>
   irc>irl?werd():lame()

Attachment: manhole.c
Description: