Bugtraq mailing list archives

Re: rdist exploit [bsdi]

From: jaeger () dhp com (jaeger)
Date: Fri, 12 Jul 1996 17:17:08 -0400


On Fri, 12 Jul 1996, Damien Sorder wrote:

Here is a quick bsd/os (should work in freebsd too, I believe) exploitation
script for the rdist buffer overflow vulnerbility.


    Confirmed for FreeBSD 2.1.0-RELEASE, 2.2-960501-SNAP and
2.2-960601-SNAP.  Haven't tried it with the 2.1.5 release stream yet.


It did NOT work on a friend's FreeBSD 2.1.0-RELEASE box. I guess it
depends on the configuration and if the admin has done any other patching.

        The exploit must be compiled with no optimization or it throws off
the hardcoded offsets.  It indeed works on a 2.1.0-RELEASE machine.  Verify
that your friend's rdist is SUID and not a replacement package of some sort.

-jaeger

Current thread:

[linux-security] [8lgm]-Advisory-26.UNIX.rdist.20-3-1996 Jeff Uphoff (Jul 04)
- Re: [linux-security] [8lgm]-Advisory-26.UNIX.rdist.20-3-1996 Michael Shields (Jul 05)
- CERT Advisory CA-96.13 - Vulnerability in the dip program CERT Advisory (Jul 09)
  - Re: CERT Advisory CA-96.13 - Vulnerability in the dip program Efrain Torres (Jul 09)
  - FIRST Conference & Workshop Plans Ron Freund (Jul 09)
  - rdist exploit [bsdi] Brian Mitchell (Jul 09)
    - Re: rdist exploit [bsdi] Brian Tao (Jul 11)
    - Re: rdist exploit [bsdi] Damien Sorder (Jul 11)
    - Re: rdist exploit [bsdi] jaeger (Jul 12)
    - Re: rdist exploit [bsdi] Andrew N. Edmond (Jul 13)
    - Re: rdist exploit [bsdi] Andy Dills (Jul 13)
    - Re: rdist exploit [bsdi] Brian Tao (Jul 14)
    - at the risk of another flamefest.. *Hobbit* (Jul 14)
    - Re: at the risk of another flamefest.. David Stagner (Jul 15)
    - Re: at the risk of another flamefest.. Alan L. Wendt (Jul 15)
    - hpux 10.0 remote administration Matthew G. Harrigan (Jul 15)
    - Re: rdist exploit [bsdi] System Manager (Jul 13)
    - Re: rdist exploit [bsdi] Tom Bowman (Jul 12)
    - Re: rdist exploit [bsdi] Brian Tao (Jul 12)

(Thread continues...)