Vulnerability Development mailing list archives
Re: /usr/bin/ddate buffer overflow
From: "enthh () FLASH NET" <enthh () FLASH NET>
Date: Sun, 11 Feb 2001 14:25:14 -0500
# gdb -c core /usr/bin/ddate
(gdb) info registers esp

This will give you the esp, and from there, you can brute force the offset until it drops you a shell.

jumping 0xbffff717 off: 0
bash#

0xbffff717 would be the ret address you are looking for (ie: it dropped you a bash shell). I believe it was an offset of -3128 from the esp, although I may be wrong.

----- Original Message -----
From: "Strange" <strange () ec rr com>
To: <enthh () FLASH NET>
Sent: 10 February, 2001 10:22 PM
Subject: Re: /usr/bin/ddate buffer overflow

> I'm pretty new to this, but how did you find the ret address of ddate? I used gdb and read a few tutorials, but even with those tools I wasn't able to find the ret address. I'd be very grateful if you could help me out. Thanks.
> Strange.
>
> On Saturday 10 February 2001 17:31, you wrote:
> > no, although out of boredom, here's an exploit
> >
> > ----- Original Message -----
> > From: "Blue Boar" <BlueBoar () THIEVCO COM>
> > To: <VULN-DEV () SECURITYFOCUS COM>
> > Sent: 10 February, 2001 3:17 PM
> > Subject: Re: /usr/bin/ddate buffer overflow
> >
> > > Are any of these setuid?
> > > BB
> > >
> > > SosPiro wrote:
> > > > I found a buffer overflow in /usr/bin/ddate (version unknown) "converts Gregorian dates to Discordian dates.." I tested it on my Linux Box (RedHat 6.2) Look at this:
> > > > #ddate +AAAA...x 408
> > > > Segmentation Fault (core dumped)
> > > > sospiro

[Attachment: ddate.c (application/octet-stream, quoted-printable)]
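As an added illustration (not code from this thread, from the attached ddate.c, or from ddate's own source), the following shows the general shape of the bug the thread reports, an over-long "+format" argument overrunning a fixed buffer, beside a bounds-checked replacement that refuses the input instead of copying it. FMT_MAX, the two expand_format_* functions and the try_format_of_length helper are assumptions made for this example; the real buffer size in ddate is not stated on the page.

```c
/* Added illustration, not code from the thread or from ddate itself.
 * FMT_MAX, the function names and the (trivial) expansion logic are
 * assumptions made for this example. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FMT_MAX 256   /* assumed size of the fixed format buffer */

/* Unsafe pattern: unbounded copy of an argv-controlled string into a
 * fixed stack buffer. A format longer than FMT_MAX overruns the stack,
 * which is the kind of fault "+AAAA... (408 bytes) -> Segmentation
 * fault (core dumped)" reflects. Only ever called here with a short
 * constant so the program itself never overflows. */
void expand_format_unsafe(const char *user_fmt, char *out, size_t outsz)
{
    char local[FMT_MAX];
    strcpy(local, user_fmt);                 /* no length check */
    snprintf(out, outsz, "%s", local);
}

/* Hardened version: reject formats that do not fit instead of copying
 * them. Returns 0 and fills out on success, -1 if user_fmt is too long
 * (the terminating NUL must also fit) or out is too small. */
int expand_format_safe(const char *user_fmt, char *out, size_t outsz)
{
    char local[FMT_MAX];
    size_t n = strlen(user_fmt);

    if (n >= sizeof local || n >= outsz)
        return -1;
    memcpy(local, user_fmt, n + 1);          /* bounded: n < FMT_MAX */
    memcpy(out, local, n + 1);
    return 0;
}

/* Helper: build a constructed format of n 'A's (mirroring the thread's
 * crash report) and run it through the hardened routine. Returns that
 * routine's result so a caller can see exactly where the check bites. */
int try_format_of_length(size_t n)
{
    char *fmt = malloc(n + 1);
    char out[FMT_MAX];
    int rc;

    if (fmt == NULL)
        return -1;
    memset(fmt, 'A', n);
    fmt[n] = '\0';
    rc = expand_format_safe(fmt, out, sizeof out);
    free(fmt);
    return rc;
}

int main(void)
{
    char out[FMT_MAX];

    expand_format_unsafe("+%A %B", out, sizeof out);
    printf("unsafe copy of a short constant: %s\n", out);
    printf("408 'A's through hardened routine: %d (expect -1)\n",
           try_format_of_length(408));
    printf("10 'A's through hardened routine: %d (expect 0)\n",
           try_format_of_length(10));
    return 0;
}
```

The length check is the whole fix: once an over-long format is refused before any copy, a crash can no longer become control of the saved return address. Whether the crash matters beyond a local denial of service depends on Blue Boar's question in the thread, namely whether the binary is installed setuid; `ls -l /usr/bin/ddate` answers that on the affected system.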