Vulnerability Development mailing list archives
Re: traceroute-4.4BSD (slack) heap overflow
From: Cristi Dumitrescu <cristid () CHIP RO>
Date: Tue, 9 Jan 2001 15:25:08 -0800
Been there, tried that. I knew the old way of viewing the shadow with ping or traceroute utilities using this method. Fact is RESOLV_HOST_CONF is not reffering to /etc/hosts, but to /etc/resolv.conf =[ You could at most use a rogue ns with this method. ----- Original Message ----- From: "Techno Bob" <tbob () TECHIE COM> To: <VULN-DEV () SECURITYFOCUS COM> Sent: Saturday, January 06, 2001 2:23 PM Subject: Re: traceroute-4.4BSD (slack) heap overflow
------Original Message------ Yep, I know, that's exactly why I posted it here, because I found no
proper
way to exploit it, even by modifying /etc/hosts :) Btw, isn't there any environment variable that allows you to specify the hosts file being used? ------------------------------- Yep, try this: $ export RESOLV_HOST_CONF= any file you want And this can be done by user-level because this used to be a way to view /etc/shadow. Combine this with the exploit method I suggested earlier and you've got a pretty plausable exploitation method. Thanx TBob "Veni Vermini Vomui" ______________________________________________ FREE Personalized Email at Mail.com Sign up at http://www.mail.com/?sr=signup
Current thread:
- Re: traceroute-4.4BSD (slack) heap overflow, (continued)
- Re: traceroute-4.4BSD (slack) heap overflow Gordon Messmer (Jan 09)
- Re: traceroute-4.4BSD (slack) heap overflow Frank de Lange (Jan 09)
- Re: traceroute-4.4BSD (slack) heap overflow Matt Zimmerman (Jan 08)
- Re: traceroute-4.4BSD (slack) heap overflow Olaf Kirch (Jan 09)
- Re: traceroute-4.4BSD (slack) heap overflow Rodrigo Barbosa (aka morcego) (Jan 10)
- Re: traceroute-4.4BSD (slack) heap overflow Cristi Dumitrescu (Jan 09)
- Re: traceroute-4.4BSD (slack) heap overflow Oliver Friedrichs (Jan 05)
- Re: traceroute-4.4BSD (slack) heap overflow Cristi Dumitrescu (Jan 05)
- Re: traceroute-4.4BSD (slack) heap overflow Techno Bob (Jan 05)
- Re: traceroute-4.4BSD (slack) heap overflow Techno Bob (Jan 07)
- Re: traceroute-4.4BSD (slack) heap overflow Cristi Dumitrescu (Jan 09)
- Re: traceroute-4.4BSD (slack) heap overflow Matt Zimmerman (Jan 11)
- Re: traceroute-4.4BSD (slack) heap overflow Cristi Dumitrescu (Jan 09)