Vulnerability Development mailing list archives
fbsd 3.3 ospf_monitor research
From: btellier () USA NET (Brock Tellier)
Date: Fri, 8 Oct 1999 14:23:47 MDT
I wonder if anyone could research fbsd 3.3's ospf_monitor program. It has an exploitable buffer overflow: bash-2.03$ ./smashf 1100 600 Using address: 0xbfbfd834 bash-2.03$ ospf_monitor AA$RET listening on 0.0.0.0.1495 monconf: Can't open monitor conf file ... uid=1000 euid=1000 gid=1000 egid=1000 bash-2.03$ But evidently drops privs before it occurs (apparently after it binds to port 1495). Now why, if it binds to an unpriv'd port, would it have suidroot privs to begin with? And what could command execution actually get us if not a rootshell? Brock Tellier UNIX Systems Administrator ____________________________________________________________________ Get free email and a permanent address at http://www.netaddress.com/?N=1
Current thread:
- Re: Guestbook perl script (error fix) Blue Boar (Oct 04)
- Re: Guestbook perl script (error fix) Matt Carothers (Oct 08)
- Newbie in Jeopardy Me Uh, K. (Oct 06)
- Re: Newbie in Jeopardy Nimrod Vered (Oct 09)
- Re: Guestbook perl script (error fix) Erik Parker (Oct 08)
- SSH and X11 forwarding Rob Quinn (Oct 08)
- fbsd 3.3 ospf_monitor research Brock Tellier (Oct 08)
- Re: fbsd 3.3 ospf_monitor research Jeff Bachtel (Oct 10)
- Re: fbsd 3.3 ospf_monitor research Andrew Reiter (Oct 11)
- restoretextmode problems robert (Oct 11)
- Newbie in Jeopardy Me Uh, K. (Oct 06)
- NT SysKey should be breakable Mikael Olsson (Oct 08)
- Re: NT SysKey should be breakable Mikael Olsson (Oct 09)
- 2 dodgy network programs Antonomasia (Oct 09)
- Re: 2 dodgy network programs Nick 'Zaf' Clifford (Oct 09)
- Re: 2 dodgy network programs David R. Conrad (Oct 13)
- Classes? Devin Walters (Oct 16)
- Re: Classes? Blue Boar (Oct 16)
- Re: Guestbook perl script (error fix) Matt Carothers (Oct 08)