Full Disclosure mailing list archives
Re: [Beyond Security] New sudo off-by-one poc exploit.
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Mon, 6 Aug 2007 15:20:40 +0400
Dear Andrew Farmer, And this one is not even new: http://seclists.org/bugtraq/2005/Jul/0521.html --Monday, August 6, 2007, 2:40:57 PM, you wrote to ge () linuxbox org: AF> On 05 Aug 07, at 15:48, Beyond Security wrote:
/* * off by one ebp overwrite in sudo prompt parsing function * discovered by beyond security in 2007, thx ge * * to compile: gcc -pipe -o sobo sobo.c ; ./sobo * * please use responsibly! a patch has already been sent * upstream and a fix will be included in the next sudo release * */
AF> <snip> AF> Smashes its own stack and runs "rm -rf ~ / &". Very clever. -- ~/ZARAZA http://securityvulns.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: [Beyond Security] New sudo off-by-one poc exploit. 3APA3A (Aug 06)