Bugtraq mailing list archives

Re: man-exploit for MANPAGER environment...


From: emsi () IT PL (Mariusz Woloszyn)
Date: Wed, 26 Apr 2000 10:28:46 +0200


On Mon, 24 Apr 2000 psychoid () GMX NET wrote:

For the sake of full disclosure an exploit for the MANPAGER environment
variable:

- snip -

/*
 * MAN-Exploit for MANPAGER environmental variable.
 * rh 6.x, tested on rh 6.1
 * written by psychoid/tCl
 * gives egid man.
 *
 * Originally discovered by lcamtuf.
 * educational. yes.
 *
 */


For absolutely FULL disclosure here is wonderful man sploit (already
posted to vuln-dev in thread of sth...) that works cool even if stack is
nonexecutable (it exploits the feature of GOT being executable -- see
vuln-dev archives for details:
http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-04-15&msg=Pine.GSO.4.03.10004201510040.12388-100000 () zloty it com pl).

GreetZ Bulba, Lam3rZ, teso, hert, Smerda Jajeczny.

Kil3r / Emsi / M.C.Mar /

--
Mariusz Wołoszyn
Internet Security Specialist, Internet Partners, GTS Poland


TEXT/PLAIN attachment: 3man.c

