Vulnerability Development mailing list archives
Re: /usr/bin/ddate buffer overflow
From: "enthh () FLASH NET" <enthh () FLASH NET>
Date: Tue, 13 Feb 2001 15:02:20 -0500
two things. number one, i stated that you will most likely have to brute force the offset (make a bash/perl script to try running the exploit with different offsets) because i wrote it for my _slackware_ box, and number two, as stated before, ddate is NOT suid, therefore you will not receive elevated privileges (your id won't change).

enthh

----- Original Message -----
From: "sekure" <sekure () hadrion com br>
To: <enthh () FLASH NET>
Cc: <VULN-DEV () SECURITYFOCUS COM>
Sent: 13 February, 2001 7:53 AM
Subject: Re: Re: /usr/bin/ddate buffer overflow

Hello,

Again i try this vulnerability... and it didn't work in my Mandrake 7.2

my results:

./ddate
jumping 0xbffff717 off: 0
1ɱX6Fâúê .cho.c`riíf*÷Täí WRéZªÆDùÆDý²7îþþtùLù¹ 0ÓRòÌdñZ_ÈÂÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿ ÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿Èùÿ¿¾|@ PuTTYSegmentation fault (core dumped)
[wendel@lnx test]$ whoami
wendel
[wendel@lnx test]$ id
uid=502(wendel) gid=506(wendel) groups=506(wendel)
[wendel@lnx test]$ cat /etc/shadow
cat: /etc/shadow: Permission denied
[wendel@lnx test]$

Maybe in Mandrake 7.2 it is not vulnerable!! MAYBE! :))

thkz

[ ]'s

-----Original Message-----
From: enthh () FLASH NET <enthh () FLASH NET>
To: VULN-DEV () SECURITYFOCUS COM <VULN-DEV () SECURITYFOCUS COM>
Date: Saturday, 10 February 2001 23:46
Subject: Re: /usr/bin/ddate buffer overflow

no, although out of boredom, here's an exploit

----- Original Message -----
From: "Blue Boar" <BlueBoar () THIEVCO COM>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: 10 February, 2001 3:17 PM
Subject: Re: /usr/bin/ddate buffer overflow

Are any of these setuid?

BB

SosPiro wrote:

I found a buffer overflow in /usr/bin/ddate (version unknown) "converts Gregorian dates to Discordian dates.." I tested it on my Linux Box (RedHat 6.2) Look at this:

#ddate +AAAA...x 408
Segmentation Fault (core dumped)

sospiro
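
The question the thread turns on, whether the crashing binary is setuid, can be checked directly. The following is an added example, not part of the original messages: a shell function (the name triage_overflow is made up here) that reports whether a file carries setuid or setgid bits and who owns it.

```shell
#!/bin/sh
# Added example (not from the thread). triage_overflow is a made-up helper name.
# A memory-corruption bug only crosses a privilege boundary when the binary
# runs with an identity other than the caller's, i.e. when it carries the
# setuid or setgid bit. Otherwise a crash stays at the caller's own privilege.
triage_overflow() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "not-found"
        return 0
    fi
    bits=""
    [ -u "$f" ] && bits="setuid"
    [ -g "$f" ] && bits="${bits:+$bits+}setgid"
    # Numeric owner and group of the target (-L follows symlinks).
    owner=$(ls -Ldn -- "$f" | awk '{print $3 ":" $4}')
    if [ -n "$bits" ]; then
        echo "escalation-candidate $bits owner=$owner"
    else
        echo "same-privilege none owner=$owner"
    fi
}

# The binary discussed in the thread; prints "not-found" where it is absent.
triage_overflow /usr/bin/ddate
```

File capabilities and sudo rules can also give a non-setuid binary extra privileges; this check does not cover them.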