Bugtraq mailing list archives

Re: Buffer overflow in sperl5.003

From: luyer () UCS UWA EDU AU (David Luyer)
Date: Fri, 18 Apr 1997 11:12:04 +0800


On Thu, 17 Apr 1997, Murphy wrote:

Attached is the source for the exploit. Since it requires some work to
be done to the compiled exploit (Stripping of 5 byte at the begining and
end of the binary), the precompiled Linux x86 exploit can be found at
http://www.ecst.csuchico.edu/~jtmurphy/localusers.html.


Note that the exploit tries offsets of 1170 to 1240.  Debian Linux with
sperl5.00307 requires a value of 1169 (and is vulnerable).

David.

Current thread:

Sendmail Vulnerability. Alan Brown (Apr 14)
- TcpWrappers and Sendmail Neil Harkins (Apr 15)
- Handy change I made in ltread.c Nathan D. Faber (Apr 15)
- NIS+ and signed directory objects Sun Security Coordination (Apr 15)
- Update on PHP/FI hole Shamanski (Apr 16)
- Buffer overflow in sperl5.003 Murphy (Apr 17)
  - Re: Buffer overflow in sperl5.003 David Luyer (Apr 17)
    - Re: Buffer overflow in sperl5.003 Jon Lewis (Apr 19)
  - [NTSEC] ALERT - NT security flaw announcement Aleph One (Apr 18)
  - Beta testers wanted for new security tool! Alfred Huger (Apr 18)
  - IRIX 6.x /cgi-bin/wrap bug J.A. Gutierrez (Apr 19)
- PHP/FI command line buffer overflow David Sacerdote (Apr 17)
- Sun Security Bulletin #00138 Aleph One (Apr 17)