From: Aramis Orlando (aramiseasynet.ro)
Date: Sat Feb 16 2002 - 21:06:29 CST


    Well .. once again we proved that the coders are too
    busy to look at their code...
    I discovered a bug in telnetd...
    Watch this:
    ===============================================
    [root@localhost telnet]# telnet 127.0.0.1 -l "`perl -e 'printf "A"x9000'`"
    Trying 127.0.0.1...
    Connected to localhost.localdomain (127.0.0.1).
    Escape character is '^]'.
    Segmentation fault (core dumped)
    [root@localhost telnet]#
    ===============================================
    gdb output :
    (gdb) info registers
    eax 0x1 1
    ecx 0x401eff00 1075773184
    edx 0x807d398 134730648
    ebx 0x401f19e4 1075780068
    esp 0xbfffd3e8 0xbfffd3e8
    ebp 0xbfffd410 0xbfffd410
    esi 0x41414140 1094795584
    edi 0x807d190 134730128
    eip 0x40146df0 0x40146df0
    eflags 0x10202 66050
    cs 0x23 35
    ss 0x2b 43
    ds 0x2b 43
    es 0x2b 43
    fs 0x2b 43
    gs 0x2b 43
    fctrl 0x0 0
    fstat 0x0 0
    ftag 0x0 0
    fiseg 0x0 0
    fioff 0x0 0
    foseg 0x0 0
    fooff 0x0 0
    fop 0x0 0
    (gdb)
    ========================================
    But we can't write a local exploit because:
    [root@localhost telnet]# ls -al `which telnet`
    -rwxr-xr-x 1 root root 130956 Mar 30 2001 /usr/kerberos/bin/telnet
    [root@localhost telnet]#
    ========================================
    --==Aramis==--