Bugtraq mailing list archives

Re: ospf_monitor (Solaris 2.5)
From: smm () WPI EDU (Seth Michael McGann)
Date: Thu, 22 Oct 1998 00:55:48 -0400

I can confirm that the version in FreeBSD 2.2.6 is indeed vulnerable; the
stack is smashed and we are root at the time :(.  Fortunately, it is not
executable by anyone but root or group ospf.  I would venture that Solaris
x86 is vulnerable.  The exploit is trivial, just change the target in your
favorite local overflow and exec.

On Wed, 21 Oct 1998, Joel Eriksson wrote:

This looks suspicious:

bash$ ospf_monitor `perl -e 'print "A"x1066'`
task_get_proto: getprotobyname("ospf") failed, using proto 89
listening on
Segmentation Fault

bash$ ls -l /usr/bin/ospf_monitor
-rwsr-xr-x   1 root     other      61892 Sep 17  1997

Has anyone succeeded in exploiting this? It sure looks like a
buffer overflow to me..

/Joel Eriksson
