|
Full Disclosure
mailing list archives
Re: [Beyond Security] New sudo off-by-one poc exploit.
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Mon, 6 Aug 2007 15:20:40 +0400
Dear Andrew Farmer,
And this one is not even new:
http://seclists.org/bugtraq/2005/Jul/0521.html
--Monday, August 6, 2007, 2:40:57 PM, you wrote to ge () linuxbox org:
AF> On 05 Aug 07, at 15:48, Beyond Security wrote:
/*
* off by one ebp overwrite in sudo prompt parsing function
* discovered by beyond security in 2007, thx ge
*
* to compile: gcc -pipe -o sobo sobo.c ; ./sobo
*
* please use responsibly! a patch has already been sent
* upstream and a fix will be included in the next sudo release
*
*/
AF> <snip>
AF> Smashes its own stack and runs "rm -rf ~ / &". Very clever.
--
~/ZARAZA http://securityvulns.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- Re: [Beyond Security] New sudo off-by-one poc exploit. 3APA3A (Aug 06)
|
Intro
