From: enthhFLASH.NET
Date: Tue Feb 13 2001 - 14:02:20 CST


    two things. number one, i stated that you will most likely have to brute
    force the offset (make a bash/perl script to try running the exploit with
    different offsets) because i wrote it for my _slackware_ box, and number
    two, as stated before, ddate is NOT suid, therefore you will not receive
    elevated privileges (your id won't change).

    enthh
    ----- Original Message -----
    From: "sekure" <sekurehadrion.com.br>
    To: <enthhFLASH.NET>
    Cc: <VULN-DEVSECURITYFOCUS.COM>
    Sent: 13 February, 2001 7:53 AM
    Subject: Re: Re: /usr/bin/ddate buffer overflow

    Hello,
    Again I tried this vulnerability... and it didn't work on my Mandrake 7.2. My
    results:
     ./ddate
    jumping 0xbffff717 off: 0

    1ɱX6Fâúê
             .cho.c`riíf*÷Täí WRéZªÆDùÆDý²7îþþtùLù¹
    0ÓRòÌdñZ_ÈÂÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿
    ÷ÿ¿÷ÿ¿÷ÿ¿÷ÿ¿Èùÿ¿¾|
    PuTTYSegmentation fault (core dumped)
    [wendellnx test]$ whoami
    wendel
    [wendellnx test]$ id
    uid=502(wendel) gid=506(wendel) groups=506(wendel)
    [wendellnx test]$ cat /etc/shadow
    cat: /etc/shadow: Permission denied
    [wendellnx test]$

    Maybe in Mandrake 7.2 it is not vulnerable!! MAYBE! :))
    thkz
    [ ]'s

    -----Original Message-----
    From: enthhFLASH.NET <enthhFLASH.NET>
    To: VULN-DEVSECURITYFOCUS.COM <VULN-DEVSECURITYFOCUS.COM>
    Date: Saturday, 10 February 2001 23:46
    Subject: Re: /usr/bin/ddate buffer overflow

    >no, although out of boredom, heres an exploit
    >
    >----- Original Message -----
    >From: "Blue Boar" <BlueBoarTHIEVCO.COM>
    >To: <VULN-DEVSECURITYFOCUS.COM>
    >Sent: 10 February, 2001 3:17 PM
    >Subject: Re: /usr/bin/ddate buffer overflow
    >
    >
    >> Are any of these setuid?
    >>
    >> BB
    >>
    >> SosPiro wrote:
    >> >
    >> > I found a buffer overflow in /usr/bin/ddate (version unknown) "converts
    >> > Gregorian dates to Discordian dates.."
    >> > I tested it on my Linux Box (RedHat 6.2)
    >> > Look at this:
    >> >
    >> > #ddate +AAAA...x 408
    >> > Segmentation Fault (core dumped)
    >> >
    >> > sospiro
    >
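The whole thread turns on Blue Boar's question ("Are any of these setuid?") and enthh's answer that ddate is not, so a crash in it only affects the user who ran it. The script below is an added example, not part of the thread or of any of the posters' code: it checks a given path for the setuid/setgid bits with the POSIX `test -u` / `test -g` operators, lists such files under a directory with `find -perm`, and demonstrates on two constructed files in a temporary directory (the file names and the temporary directory are assumptions made for the demo). It lets a defender answer the "is it suid?" question for any binary a crash report names before treating the crash as a privilege issue.

```shell
#!/bin/sh
# Added example (not from the thread): is a crashing binary worth worrying
# about for privilege escalation? Only if it runs with someone else's
# privileges, i.e. carries the setuid or setgid bit.

# is_privileged PATH -> exit 0 if PATH has setuid or setgid set, 1 otherwise.
# `test -u` / `test -g` are POSIX and inspect the file's mode bits directly.
is_privileged() {
    [ -u "$1" ] || [ -g "$1" ]
}

# privbits PATH -> print a one-line report: path, owner, which bits are set.
privbits() {
    path="$1"
    if [ ! -e "$path" ]; then
        printf '%s: no such file\n' "$path"
        return 2
    fi
    bits=""
    [ -u "$path" ] && bits="${bits}setuid "
    [ -g "$path" ] && bits="${bits}setgid "
    [ -n "$bits" ] || bits="none"
    owner=$(ls -ld "$path" | awk '{print $3}')
    printf '%s owner=%s bits=%s\n' "$path" "$owner" "$bits"
}

# list_privileged DIR -> print every regular file under DIR with setuid or
# setgid set. 4000 = setuid, 2000 = setgid; "-perm -mode" matches files that
# have all of the given bits.
list_privileged() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Demo on constructed files (assumption: a writable temp directory exists).
demo_dir=$(mktemp -d)
touch "$demo_dir/ddate_like"      # constructed: an ordinary, non-suid binary
touch "$demo_dir/suid_like"       # constructed: a binary with the setuid bit
chmod 755  "$demo_dir/ddate_like"
chmod 4755 "$demo_dir/suid_like"

privbits "$demo_dir/ddate_like"   # ... bits=none
privbits "$demo_dir/suid_like"    # ... bits=setuid
echo "privileged files under $demo_dir:"
list_privileged "$demo_dir"

rm -rf "$demo_dir"
```

On a real system, `privbits /usr/bin/ddate` answers the question the thread asked; `list_privileged /usr/bin` is the usual inventory a defender keeps so that a segfault in a non-suid tool (as in the Mandrake output above, where `id` is unchanged) is triaged as a local bug rather than an escalation path.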