Penetration Testing mailing list archives

Re: [PEN-TEST] Linux


From: Michel Kaempf <maxx () VIA ECP FR>
Date: Wed, 8 Nov 2000 15:52:17 +0100

On Wed, Nov 08, 2000, Miller, William T DISC4/Sytex wrote:
> I tried running the traceroute exploit against OpenLinux 2.4 and found
> that Open Linux will show a segmentation fault but will not give you
> root access.

The exploit has to be improved, but anyway, what you say here is
interesting, let's investigate.

I think you followed the few steps described in the advisory (section 5)
in order to find out the special values for your own operating system,
right? If you did not, could you please find out these values and retry?

Now, you found the values for your operating system, but the exploit
did not work. First of all, if you could send me your values, it would
help figuring out why the exploit failed. And another important point:
is your system protected with something like the nonexec stack patch,
or StackGuard? I do not know much about OpenLinux, perhaps the default
kernel is already patched?

Your issue is very interesting, because I have to rewrite the whole
exploit, first because it seems that the __free_hook pointer is not the
same on two different computers running the same operating system (this
point has to be enlightened), and second because the exploit is unable
to handle nonexec stack patched systems.

If you could keep me informed, it would be really nice. I am looking
forward to reading you,

--
Michel "MaXX" Kaempf

