Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Format String Vulnerabilities
From: Pranay Kanwar <warl0ck () metaeye org>
Date: Sat, 19 May 2007 02:32:58 +0530


RedHat 9 does not have any protection enabled
in the default installation ( i am even sure it does not exist).
As i recall RedHat 9 shipped with kernel 2.4.20 and it does
not have any stack protection by default.

Also it may be possible the kernel has been patched with
Grsecurity patch or Open wall's patch.

Also it would be beneficial if you took a look at scut's paper
on exploiting format string vulnerabilities and LSD's discussion
of IRIX telnet daemon exploit.


warl0ck // MSG

This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]