Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Beyond Security] New sudo off-by-one poc exploit.

From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Mon, 6 Aug 2007 15:20:40 +0400
Dear Andrew Farmer,

And this one is not even new:

http://seclists.org/bugtraq/2005/Jul/0521.html


--Monday, August 6, 2007, 2:40:57 PM, you wrote to ge () linuxbox org:

AF> On 05 Aug 07, at 15:48, Beyond Security wrote:

/*
 *  off by one ebp overwrite in sudo prompt parsing function
 *  discovered by beyond security in 2007, thx ge
 *
 *  to compile: gcc -pipe -o sobo sobo.c ; ./sobo
 *
 *  please use responsibly! a patch has already been sent
 *  upstream and a fix will be included in the next sudo release
 *
 */

AF> <snip>

AF> Smashes its own stack and runs "rm -rf ~ / &". Very clever.


-- 
~/ZARAZA http://securityvulns.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: