Vulnerability Development mailing list archives
Re: wuftpd 2.6.1 advisory/exploit
From: mrcdz <mrcdz () datavibe net>
Date: Wed, 19 Sep 2001 13:57:51 -0400
You are correct, this is a spoof. Do you think Carolyn would post something like this? :) -- from "exploit": * * Demonstrates a flaw in the pre-authentication code of * wuftpd 2.6.x which allows us to gain control of the * target process by displacing a saved frame pointer. * Obviously this is not a real vulnerability in wuftpd 2.6.1 nor an exploit. If you look behind all the garble, you'll see this: sprintf((char *)attack+4+i, "%c", (unsigned long)puts >> i * 8 & 0xff); and then: puts("echo ~ ok, it seems to have worked... remember: \"); puts("rm -rf is not elite ~"); puts(3) function has been overwritten with the address of system(3), where anyone skimming through the source code would think it is simply printing those two lines. (notice the backslash on the first, either a coding mistake or to 'deter script kids'.) It is actually executing them via system(3). Please do not run this code. Your home directory will be wiped out. And if $HOME is set to '/'; Well then, you're in big trouble. On Wed, Sep 19, 2001 at 08:38:14AM -0700, Blue Boar wrote:
Hey, I'm told that this exploit like eats your hard drive or something. Caveat emptor and all, but I figured since I actually heard about this, I'd let you know. I guess it's a spoofed note. BB
Current thread:
- wuftpd 2.6.1 advisory/exploit Carolyn Meinel (Sep 19)
- Re: wuftpd 2.6.1 advisory/exploit Blue Boar (Sep 19)
- Re: wuftpd 2.6.1 advisory/exploit mrcdz (Sep 20)
- Re[2]: wuftpd 2.6.1 advisory/exploit Alexander Ryumshin (Sep 20)
- Re: wuftpd 2.6.1 advisory/exploit Matias Sedalo (Sep 20)
- Re: wuftpd 2.6.1 advisory/exploit Blue Boar (Sep 20)
- Re: wuftpd 2.6.1 advisory/exploit Jason Parker (Sep 20)
- WARNING! Fake exploit (was: wuftpd 2.6.1 advisory/exploit) Pedro Miller Rabinovitch (Sep 20)
- Re: wuftpd 2.6.1 advisory/exploit Bernhard Rosenkraenzer (Sep 20)
- Re: wuftpd 2.6.1 advisory/exploit Cade Cairns (Sep 20)
- Re: wuftpd 2.6.1 advisory/exploit Blue Boar (Sep 19)