Penetration Testing mailing list archives
Re: Format String Vulnerabilities
From: Pranay Kanwar <warl0ck () metaeye org>
Date: Sat, 19 May 2007 02:32:58 +0530
Hi, RedHat 9 does not have any protection enabled in the default installation ( i am even sure it does not exist). As i recall RedHat 9 shipped with kernel 2.4.20 and it does not have any stack protection by default. Also it may be possible the kernel has been patched with Grsecurity patch or Open wall's patch. Also it would be beneficial if you took a look at scut's paper on exploiting format string vulnerabilities and LSD's discussion of IRIX telnet daemon exploit. regards, warl0ck // MSG http://www.metaeye.org ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
Current thread:
- Format String Vulnerabilities Mike Gibson (May 18)
- Re: Format String Vulnerabilities Pranay Kanwar (May 18)
- Re: Format String Vulnerabilities rajat swarup (May 18)
- <Possible follow-ups>
- Re: Format String Vulnerabilities andy . x . johnson (May 18)