|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: 3APA3A (3APA3A
SECURITY.NNOV.RU)
Date: Mon Aug 06 2007 - 06:20:40 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Dear Andrew Farmer,
And this one is not even new:
http://seclists.org/bugtraq/2005/Jul/0521.html
--Monday, August 6, 2007, 2:40:57 PM, you wrote to gelinuxbox.org:
AF> On 05 Aug 07, at 15:48, Beyond Security wrote:
>> /*
>> * off by one ebp overwrite in sudo prompt parsing function
>> * discovered by beyond security in 2007, thx ge
>> *
>> * to compile: gcc -pipe -o sobo sobo.c ; ./sobo
>> *
>> * please use responsibly! a patch has already been sent
>> * upstream and a fix will be included in the next sudo release
>> *
>> */
AF> <snip>
AF> Smashes its own stack and runs "rm -rf ~ / &". Very clever.
--
~/ZARAZA http://securityvulns.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]