Bugtraq mailing list archives
Re: Buffer overflow in sperl5.003
From: luyer () UCS UWA EDU AU (David Luyer)
Date: Fri, 18 Apr 1997 11:12:04 +0800
On Thu, 17 Apr 1997, Murphy wrote:
Attached is the source for the exploit. Since it requires some work to be done to the compiled exploit (Stripping of 5 bytes at the beginning and end of the binary), the precompiled Linux x86 exploit can be found at http://www.ecst.csuchico.edu/~jtmurphy/localusers.html.
Note that the exploit tries offsets of 1170 to 1240. Debian Linux with sperl5.00307 requires a value of 1169 (and is vulnerable).
David.