|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: rdist exploit [bsdi]
jaeger (jaeger
dhp.com)Fri, 12 Jul 1996 17:17:08 -0400
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Brian Tao: "Re: rdist exploit [bsdi]"
- Previous message: The Terminator rAT: "Re: rdist exploit [bsdi]"
- In reply to: Damien Sorder: "Re: rdist exploit [bsdi]"
- Next in thread: Andrew N. Edmond: "Re: rdist exploit [bsdi]"
On Fri, 12 Jul 1996, Damien Sorder wrote:
> > > Here is a quick bsd/os (should work in freebsd too, I believe) exploitation
> > > script for the rdist buffer overflow vulnerbility.
> >
> > Confirmed for FreeBSD 2.1.0-RELEASE, 2.2-960501-SNAP and
> > 2.2-960601-SNAP. Haven't tried it with the 2.1.5 release stream yet.
>
> It did NOT work on a friend's FreeBSD 2.1.0-RELEASE box. I guess it
> depends on the configuration and if the admin has done any other patching.
>
The exploit must be compiled with no optimization or it throws off
the hardcoded offsets. It indeed works on a 2.1.0-RELEASE machine. Verify
that your friend's rdist is SUID and not a replacement package of some sort.
-jaeger
- Next message: Brian Tao: "Re: rdist exploit [bsdi]"
- Previous message: The Terminator rAT: "Re: rdist exploit [bsdi]"
- In reply to: Damien Sorder: "Re: rdist exploit [bsdi]"
- Next in thread: Andrew N. Edmond: "Re: rdist exploit [bsdi]"