|
Bugtraq
mailing list archives
Re: WuFTPD: Providing *remote* root since at least1994
From: lamagra () HACKERMAIL NET (Lamagra Argamal)
Date: Sat, 1 Jul 2000 10:41:13 -0000
On Thu, 29 Jun 2000 11:20:59 -0700 Eric Hines <eric.hines () NUASIS COM> wrote:
Has anyone come out with a working version of this exploit script. Both
versions provided on the securityfocus.com web site, and or the one distributed
here by TF8 is not working, even after I fixed his code. Do we know for sure
the thing even exists.. I dunno, can anyone direct me to the actual code,
because I have yet to see a working version of it that doesn't CORE dump.
Please advise.
Eric
This is probably the result of your glibc version.
All released exploits use the %.<number>d technique to increase the number of written bytes to a very large number eg.
decimal(0x08048123). Older versions of glibc just crash here, try printf("%.2000d",5); new versions like the one on
RedHat 6.2 doesn't and produces the last number of bytes (even when snprintf() is used).
-lamagra
Send someone a cool Dynamitemail flashcard greeting!! And get rewarded.
GO AHEAD! http://cards.dynamitemail.com/index.php3?rid=fc-41
 By Date 
By Thread
Current thread:
- proftp advisory, (continued)
| 
Intro
