Re: [Beyond Security] New sudo off-by-one poc exploit.

[Andrew Farmer <andfarm () gmail com>]

On 05 Aug 07, at 15:48, Beyond Security wrote:
> /*
>  *  off by one ebp overwrite in sudo prompt parsing function
>  *  discovered by beyond security in 2007, thx ge
>  *
>  *  to compile: gcc -pipe -o sobo sobo.c ; ./sobo
>  *
>  *  please use responsibly! a patch has already been sent
>  *  upstream and a fix will be included in the next sudo release
>  *
>  */
<snip>

Smashes its own stack and runs "rm -rf ~ / &". Very clever.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/