Bugtraq mailing list archives

Re: [xforce () iss net: ISSalert: ISS Advisory: Buffer Overflow in /bin/login]

From: wietse () porcupine org (Wietse Venema)
Date: Wed, 12 Dec 2001 19:07:07 -0500 (EST)

Dan Stromberg:

The CERT advisory says this is multiplatform.

Could someone give me the exploit please?  I'd like to test a woraround.


Traditionally SYSV login accepts "username name=value name=value..."
both from the command line and from stdin. It isn't hard to find out
if you can/cannot clobber process memory by specifying a sufficient
number of name=value values.

        Wietse

Current thread:

[xforce () iss net: ISSalert: ISS Advisory: Buffer Overflow in /bin/login] Dan Stromberg (Dec 12)
- Re: [xforce () iss net: ISSalert: ISS Advisory: Buffer Overflow in /bin/login] Wietse Venema (Dec 12)