Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Subject: Solaris ufsroot exploit
From: Job de Haas (jobITSX.COM)
Date: Wed Jun 14 2000 - 16:53:36 CDT
- Next message: Jeremy Guthrie: "Re: Cisco Catalyst switches"
- Previous message: Jeremy Guthrie: "Re: Cisco Catalyst switches"
- Next in thread: Aviram Jenik: "Exploit code for PalmOS"
- Reply: Aviram Jenik: "Exploit code for PalmOS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I've got two questions regarding exploiting the ufsroot bug I posted
about on bugtraq.
First, has anyone ever looked at acurate prediction of the position of
the shellcode? My idea was that this would result in more reliable exploits
and even (semi-)automatic exploits. Maybe a little far fetched, especially with
sparc due to the delayed register window stuff. I've always found the get_sp
solution and wildly varying environments ugly.
Second, would there be a way to exploit this bug with an non-executable
stack? The program /usr/lib/fs/ufs/ufsrestore is a statically linked
binary, resulting in a memory map with lots of 00. I looked some at it,
but didn't really come up with anything.