Bugtraq mailing list archives
Re: man-exploit for MANPAGER environment...
From: emsi () IT PL (Mariusz Woloszyn)
Date: Wed, 26 Apr 2000 10:28:46 +0200
On Mon, 24 Apr 2000 psychoid () GMX NET wrote:
For the sake of full disclosure an exploit for the MANPAGER environment variable:

- snip -
/*
 * MAN-Exploit for MANPAGER environmental variable.
 * rh 6.x, tested on rh 6.1
 * written by psychoid/tCl
 * gives egid man.
 *
 * Originally discovered by lcamtuf.
 * educational. yes.
 *
 */
For absolutely FULL disclosure here is wonderful man sploit (already posted to vuln-dev in thread of sth...) that works cool even if stack is nonexecutable (it exploits the feature of GOT being executable -- see vuln-dev archives for details: http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-04-15&msg=Pine.GSO.4.03.10004201510040.12388-100000 () zloty it com pl).

GreetZ Bulba, Lam3rZ, teso, hert, Smerda Jajeczny.

Kil3r / Emsi / M.C.Mar /

--
Mariusz Wołoszyn
Internet Security Specialist, Internet Partners, GTS Poland

TEXT/PLAIN attachment: 3man.c