Vulnerability Development mailing list archives
Re: Off By One on Red Hat Linux again
From: DownBload <downbload () hotmail com>
Date: 30 Aug 2003 10:50:09 -0000
In-Reply-To: <20030829144654.29393.qmail () mail supereva it>

TO MODERATOR: Sorry, previous message had an error; this is the valid message.
> Hi again, I tested the frame pointer overwrite vulnerability on Red Hat Linux 7.0 & 7.1
> too... but it fails to overwrite the LSB of EBP. These distros have gcc-2.96-54 and
> gcc-2.96-81; any ideas?
>
> However, a remote off-by-one exploit (rsyncd) worked successfully on Red Hat 7.1,
> and I don't understand why the local scenario fails. I will test the FP overwrite
> again on other distros (Mandrake & SuSE) and I will inform you about complete
> exploitation. Thank you to Jose Ronnick for the immediate response.
Off-by-one should work on rh7.0. I tested it on rh 6.1 with egcs-2.91.66 (2.2.12-20 kernel) and debian 3.0 with gcc 2.95.4 (2.4.21 kernel). It worked on both. You can download off-by-one example here: http://www.ii-labs.org/wargame/levels/level15.c

gdb ./level15
....
....
r `perl -e 'print "A"x250; print "\x4c" x 500'`
...
...
(no debugging symbols found)...(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x41414141 in ?? ()
(gdb) q

It worked....
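The bug class both posters are talking about, as an added illustration that is not part of the thread and not the level15.c program linked above: a copy loop bounded with "<=" instead of "<" writes exactly one byte past a fixed-size stack buffer, and on a frame where the saved EBP sits directly after that buffer the stray byte lands in the frame pointer's low byte. The buffer size, the marker byte and the two copy routines are hypothetical; the byte after the buffer is modelled as a marker inside one flat array so the overwrite can be observed without undefined behaviour, and the bounded version beside it shows the fix.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Added example, not from the mailing-list thread.  Models the classic
 * off-by-one: a stack buffer of BUF_LEN bytes followed in memory by the
 * saved frame pointer.  A copy loop bounded with "<=" copies BUF_LEN+1
 * bytes, so the last one overwrites the byte after the buffer (on an
 * unpadded 32-bit gcc frame, the least-significant byte of saved EBP). */

#define BUF_LEN 16                 /* hypothetical buffer size */
#define MARKER  0xEE               /* stands in for saved EBP's low byte */

/* Buggy copy: "<=" lets i reach len, so dst[len] is written. */
static void copy_off_by_one(char *dst, size_t len, const char *src)
{
    size_t i;
    for (i = 0; i <= len && src[i] != '\0'; i++)   /* BUG: should be "<" */
        dst[i] = src[i];
}

/* Fixed copy: reserves the last slot for the terminator, so the highest
 * index ever written is len-1 and the byte after the buffer is untouched. */
static void copy_bounded(char *dst, size_t len, const char *src)
{
    size_t i;
    for (i = 0; i + 1 < len && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';                                   /* i <= len-1 */
}

/* Runs one copier against a model frame: BUF_LEN bytes of buffer plus one
 * marker byte right after it.  Returns 1 if the marker was clobbered
 * (the one-byte overflow happened), 0 if it survived intact. */
static int marker_clobbered(void (*copier)(char *, size_t, const char *),
                            const char *input)
{
    char frame[BUF_LEN + 1];
    memset(frame, 0, sizeof frame);
    frame[BUF_LEN] = (char)MARKER;
    copier(frame, BUF_LEN, input);
    return (unsigned char)frame[BUF_LEN] != MARKER;
}

int main(void)
{
    /* Constructed input: longer than the buffer, as in the gdb run above. */
    const char *oversized = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";   /* 32 bytes */
    const char *small     = "hi";

    printf("buggy copy,   oversized input: marker %s\n",
           marker_clobbered(copy_off_by_one, oversized) ? "CLOBBERED" : "intact");
    printf("bounded copy, oversized input: marker %s\n",
           marker_clobbered(copy_bounded, oversized) ? "CLOBBERED" : "intact");
    printf("buggy copy,   short input:     marker %s\n",
           marker_clobbered(copy_off_by_one, small) ? "CLOBBERED" : "intact");
    return 0;
}
```

The marker check is the same idea a stack canary implements at run time: a known value placed after the buffer that is verified before the saved registers are used. It also shows why a one-byte overwrite can miss the saved frame pointer on some builds: if the compiler inserts alignment padding between the last local and the saved registers, the stray byte lands in that padding instead (in the model, a gap between the buffer and the marker). Whether a particular compiler and version lays the frame out that way is something to confirm in the disassembly of the actual binary rather than assume.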
Current thread:
- Off By One on Red Hat Linux again lavmarco (Aug 29)
- <Possible follow-ups>
- Re: Off By One on Red Hat Linux again DownBload (Aug 30)