Bugtraq mailing list archives

Re: rdist exploit [bsdi]

From: sysman () homer bus miami edu (System Manager)
Date: Sat, 13 Jul 1996 18:23:11 -0400


Confirmed on our FreeBSD 2.0.5-RELEASE box.

On Fri, 12 Jul 1996, jaeger wrote:

Here is a quick bsd/os (should work in freebsd too, I believe) exploitation
script for the rdist buffer overflow vulnerbility.


    Confirmed for FreeBSD 2.1.0-RELEASE, 2.2-960501-SNAP and
2.2-960601-SNAP.  Haven't tried it with the 2.1.5 release stream yet.


It did NOT work on a friend's FreeBSD 2.1.0-RELEASE box. I guess it
depends on the configuration and if the admin has done any other patching.

        The exploit must be compiled with no optimization or it throws off
the hardcoded offsets.  It indeed works on a 2.1.0-RELEASE machine.  Verify
that your friend's rdist is SUID and not a replacement package of some sort.

-jaeger

Current thread:

Re: rdist exploit [bsdi], (continued)
- - - Re: rdist exploit [bsdi] Brian Tao (Jul 11)
    - Re: rdist exploit [bsdi] Damien Sorder (Jul 11)
    - Re: rdist exploit [bsdi] jaeger (Jul 12)
    - Re: rdist exploit [bsdi] Andrew N. Edmond (Jul 13)
    - Re: rdist exploit [bsdi] Andy Dills (Jul 13)
    - Re: rdist exploit [bsdi] Brian Tao (Jul 14)
    - at the risk of another flamefest.. *Hobbit* (Jul 14)
    - Re: at the risk of another flamefest.. David Stagner (Jul 15)
    - Re: at the risk of another flamefest.. Alan L. Wendt (Jul 15)
    - hpux 10.0 remote administration Matthew G. Harrigan (Jul 15)
    - Re: rdist exploit [bsdi] System Manager (Jul 13)
    - Re: rdist exploit [bsdi] Tom Bowman (Jul 12)
    - Re: rdist exploit [bsdi] Brian Tao (Jul 12)
    - Re: rdist exploit [bsdi] Cosimo Leipold (Jul 13)
    - Re: rdist exploit [bsdi] Jack Flory (Jul 13)
    - Re: rdist exploit [bsdi] Chris Caputo (Jul 13)
    - Re: rdist exploit [bsdi] Brian Mitchell (Jul 14)
  - BSD mail.local has race condition Travis Hassloch x231 (Jul 10)
- CERT Advisory CA-96.13.dip_vul (dip vulnerability). Jeff Uphoff (Jul 09)