Bugtraq
mailing list archives
Re: man-exploit for MANPAGER environment...
From: emsi () IT PL (Mariusz Woloszyn)
Date: Wed, 26 Apr 2000 10:28:46 +0200
On Mon, 24 Apr 2000 psychoid () GMX NET wrote:
> For the sake of full disclosure an exploit for the MANPAGER environment
> variable:
>
> - snip -
> /*
>  * MAN-Exploit for MANPAGER environmental variable.
>  * rh 6.x, tested on rh 6.1
>  * written by psychoid/tCl
>  * gives egid man.
>  *
>  * Originally discovered by lcamtuf.
>  * educational. yes.
>  *
>  */
For absolutely FULL disclosure here is a wonderful man sploit (already
posted to vuln-dev in thread of sth...) that works cool even if stack is
nonexecutable (it exploits the feature of GOT being executable -- see
vuln-dev archives for details:
http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-04-15&msg=Pine.GSO.4.03.10004201510040.12388-100000 () zloty it com pl).
GreetZ Bulba, Lam3rZ, teso, hert, Smerda Jajeczny.
Kil3r / Emsi / M.C.Mar /
--
Mariusz Wołoszyn
Internet Security Specialist, Internet Partners, GTS Poland
TEXT/PLAIN attachment: 3man.c