Re: Solaris 2.4 pop buffer overrun
Matthew R. Potter (mpotterKMFDM.SYSTEM.GIP.NET)
Fri, 7 Aug 1998 16:29:22 -0400
- In reply to: Julio Casal: "Solaris 2.4 pop buffer overrun"
At 06:55 PM 8/5/98 +0200, you wrote:
>An old one I guess known but I never saw it in the list:
>
>Solaris 2.4 popper has an overflow in the username exploitable obviously
>as root.
>It's also easy to get root's shadow entry in the core dumped just failing to
>log as root before overrunning the username.

Depending on the revision level of 2.4 the dump will follow symbolic and hard links, so why wait to crack the root password when you can slam a few files and get a full fledged uid of 0. core() is wack in pre 2.5.1 (May 96) versions.

Matt