Vulnerability Development mailing list archives
Re: /usr/bin/ddate buffer overflow
From: "Larry W. Cashdollar" <lwc () VAPID DHS ORG>
Date: Wed, 14 Feb 2001 10:14:59 -0800
On Tue, 13 Feb 2001, enthh () FLASH NET wrote:
two things. number one, i stated that you will most likely have to brute force the offset (make a bash/perl script to try running the exploit with different offsets) because i wrote it for my _slackware_ box, and number two, as stated before, ddate is NOT suid, therefore you will not recieve elevated privaledges (your id wont change).
This is correct, I wrote an exploit for Mandrake 7.2 myself (yes I was bored too.) Since ddate is not setuid it is moot. If someone wants a copy of my Mandrake exploit drop me an email.
Current thread:
- Re: ftp.exe buffer overflow ?, (continued)
- Re: ftp.exe buffer overflow ? Ryan Permeh (Feb 16)
- Internet explorer bug or Micromedia Flash bug ? cyber_hunter (Feb 19)
- Re: ftp.exe buffer overflow ? Antti Hakulinen (Feb 15)
- Message not available
- Re: ftp.exe buffer overflow ? Lincoln Yeoh (Feb 13)
- Re: ftp.exe buffer overflow ? Lord Soth (Feb 11)
- Message not available
- Re: /usr/bin/ddate buffer overflow enthh () FLASH NET (Feb 11)
- Re: /usr/bin/ddate buffer overflow Larry W. Cashdollar (Feb 10)
- Re: /usr/bin/ddate buffer overflow Larry W. Cashdollar (Feb 14)