Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: traceroute-4.4BSD (slack) heap overflow

From: Cristi Dumitrescu <cristid () CHIP RO>
Date: Tue, 9 Jan 2001 15:25:08 -0800
Been there, tried that. I knew the old way of viewing the shadow with ping
or traceroute utilities using this method. Fact is RESOLV_HOST_CONF is not
reffering to /etc/hosts, but to /etc/resolv.conf =[ You could at most use a
rogue ns with this method.

----- Original Message -----
From: "Techno Bob" <tbob () TECHIE COM>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Saturday, January 06, 2001 2:23 PM
Subject: Re: traceroute-4.4BSD (slack) heap overflow



------Original Message------

Yep, I know, that's exactly why I posted it here, because I found no

proper

way to exploit it, even by modifying /etc/hosts :)
Btw, isn't there any environment variable that allows you to specify the
hosts file being used?

-------------------------------
Yep, try this:


$ export RESOLV_HOST_CONF= any file you want

And this can be done by user-level because this used to be a way to view
/etc/shadow.
Combine this with the exploit method I suggested earlier and you've got a
pretty plausable exploitation method.

Thanx
TBob
"Veni Vermini Vomui"


______________________________________________
FREE Personalized Email at Mail.com
Sign up at http://www.mail.com/?sr=signup
Previous By Date Next
Previous By Thread Next

Current thread: