Vulnerability Development mailing list archives

Re: traceroute-4.4BSD (slack) heap overflow


From: Slawek <sgp () TELSATGP COM PL>
Date: Mon, 8 Jan 2001 17:40:04 +0100

Tuesday, January 09, 2001 1:13 AM +0100, Cristi Dumitrescu wrote:
> Also, the resolver *certainly* limits the character set. As far
> as I know, there is no shellcode composed of this character set. It's not
> impossible to write one, but it would be very very hard to do so.


Some time ago I wrote a shellcode that was designed to be placed in a
hostname. It was published on vuln-dev.

And something more to add - in a local exploit scenario we don't have to put
the shellcode in the hostname (it can be placed in env variables, for example).


Well.. whatever.. this time it's not exploitable, because we can't overwrite
anything useful :o)


Bye,
Slawek

