Vulnerability Development mailing list archives
Apache Module Local Buffer Overflow
From: "huw trippz" <trippz_au () hotmail com>
Date: Tue, 11 Sep 2001 10:23:58 +0000
hi,i was looking at the mod_gzip src and found a sprintf that prints the process id and tid onto a var HOST. if you could find a way of changing, or spoofing these id's, and since they are strings, you could easily overwrite HOST with shellcode if you could spoof the pid or tid. This is probably a non-exploit, but anyone with the urge to make themselves look great and get a local nobody shell is welcome to try.
"doot" ohh and i support antisec :) _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
Current thread:
- Apache Module Local Buffer Overflow huw trippz (Sep 11)