Full Disclosure: Re: [Beyond Security] New sudo off-by-one poc exploit.

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: [Beyond Security] New sudo off-by-one poc exploit.

From: Andrew Farmer <andfarm () gmail com>
Date: Mon, 6 Aug 2007 03:40:57 -0700

On 05 Aug 07, at 15:48, Beyond Security wrote:

/*
 *  off by one ebp overwrite in sudo prompt parsing function
 *  discovered by beyond security in 2007, thx ge
 *
 *  to compile: gcc -pipe -o sobo sobo.c ; ./sobo
 *
 *  please use responsibly! a patch has already been sent
 *  upstream and a fix will be included in the next sudo release
 *
 */

<snip>

Smashes its own stack and runs "rm -rf ~ / &". Very clever.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

[Beyond Security] New sudo off-by-one poc exploit. Beyond Security (Aug 06)
- Re: [Beyond Security] New sudo off-by-one poc exploit. Andrew Farmer (Aug 06)