Vulnerability Development mailing list archives

Re: /usr/bin/ddate buffer overflow


From: "enthh () FLASH NET" <enthh () FLASH NET>
Date: Tue, 13 Feb 2001 15:02:20 -0500

Two things. Number one, I stated that you will most likely have to brute
force the offset (make a bash/perl script to try running the exploit with
different offsets) because I wrote it for my _slackware_ box, and number
two, as stated before, ddate is NOT suid, therefore you will not receive
elevated privileges (your id won't change).

enthh
----- Original Message -----
From: "sekure" <sekure () hadrion com br>
To: <enthh () FLASH NET>
Cc: <VULN-DEV () SECURITYFOCUS COM>
Sent: 13 February, 2001 7:53 AM
Subject: Re: Re: /usr/bin/ddate buffer overflow


Hello,
Again I tried this vulnerability... and it didn't work in my Mandrake 7.2. My
results:
 ./ddate
jumping 0xbffff717 off: 0

Segmentation fault (core dumped)
[wendel@lnx test]$ whoami
wendel
[wendel@lnx test]$ id
uid=502(wendel) gid=506(wendel) groups=506(wendel)
[wendel@lnx test]$ cat /etc/shadow
cat: /etc/shadow: Permission denied
[wendel@lnx test]$

Maybe in Mandrake 7.2 there is no vulnerability!! MAYBE! :))
thkz
[ ]'s


-----Original Message-----
From: enthh () FLASH NET <enthh () FLASH NET>
To: VULN-DEV () SECURITYFOCUS COM <VULN-DEV () SECURITYFOCUS COM>
Date: Saturday, 10 February 2001 23:46
Subject: Re: /usr/bin/ddate buffer overflow


No, although out of boredom, here's an exploit

----- Original Message -----
From: "Blue Boar" <BlueBoar () THIEVCO COM>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: 10 February, 2001 3:17 PM
Subject: Re: /usr/bin/ddate buffer overflow


Are any of these setuid?

BB

SosPiro wrote:

I found a buffer overflow in /usr/bin/ddate (version unknown) "converts
Gregorian dates to Discordian dates.."
I tested it on my Linux Box (RedHat 6.2)
Look at this:

#ddate +AAAA...x 408
Segmentation Fault (core dumped)

sospiro


