On Thu, 29 Jun 2000 11:20:59 -0700 Eric Hines <eric.hines_at_NUASIS.COM> wrote:
>Has anyone come out with a working version of this exploit script. Both
>versions provided on the securityfocus.com web site, and or the one distributed
>here by TF8 is not working, even after I fixed his code. Do we know for sure
>the thing even exists.. I dunno, can anyone direct me to the actual code,
>because I have yet to see a working version of it that doesn't CORE dump.
>Please advise.
>
>Eric
This is probably the result of your glibc version.
All released exploits use the %.<number>d technique to increase the number of written bytes to a very large number eg. decimal(0x08048123). Older versions of glibc just crash here, try printf("%.2000d",5); new versions like the one on RedHat 6.2 doesn't and produces the last number of bytes (even when snprintf() is used).
-lamagra
Send someone a cool Dynamitemail flashcard greeting!! And get rewarded.
GO AHEAD! http://cards.dynamitemail.com/index.php3?rid=fc-41
Received on Jul 02 2000
Intro
