Bugtraq mailing list archives
Re: Exploit for PoPToP PPTP server - Linux version
From: John Leach <bugtraq () johnleach co uk>
Date: 22 Apr 2003 16:03:40 +0100
Hello world, Find attached a modified version that will compile with gcc on Linux. The vulnerability check seems to work, but I've not yet managed a successful exploit. John. P.S: Greets to my Mum. On Fri, 2003-04-18 at 15:27, einstein, dhtm wrote:
hello bugtraq, Here is an exploit for a recently discovered vulnerability in PoPToP PPTP server under Linux. Versions affected are all prior to 1.1.4-b3 and 1.1.3-20030409. The exploit is capable of bruteforcing the RET address to find our buffer in the stack. Upon a successfull run it brings up a reverse shell with privileges of the pptpd daemon (typically root) on the victim server. P.S. Greets to ERRor, Death and all others.
-- GPG KEY: B89C D450 5B2C 74D8 58FB A360 9B06 B5C2 26F0 3047 HTTP: http://www.johnleach.co.uk
Attachment:
pptpd-exploit.c
Description:
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Exploit for PoPToP PPTP server einstein, dhtm (Apr 18)
- Re: Exploit for PoPToP PPTP server - Linux version John Leach (Apr 22)