Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: ospf_monitor (Solaris 2.5)
From: smm () WPI EDU (Seth Michael McGann)
Date: Thu, 22 Oct 1998 00:55:48 -0400


I can confirm that the version in FreeBSD 2.2.6 is indeed vulnerable, the
stack is smashed and we are root at the time :(.  Fortunately, it is not
executable by anyone but root or group ospf.  I would venture that solaris
x86 is vulnerable.  The exploit is trivial, just change the target in your
favorite local overflow and exec.

On Wed, 21 Oct 1998, Joel Eriksson wrote:

This looks suspicious:

bash$ ospf_monitor `perl -e 'print "A"x1066'`
task_get_proto: getprotobyname("ospf") failed, using proto 89
listening on 0.0.0.0.64527
Segmentation Fault

bash$ ls -l /usr/bin/ospf_monitor
-rwsr-xr-x   1 root     other      61892 Sep 17  1997
/usr/bin/ospf_monitor

Has anyone succeded in exploiting this? It sure looks like a
bufferoverflow to me..

/Joel Eriksson



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault