Bugtraq mailing list archives
Re: Solaris 2.4 pop buffer overrun
From: mpotter () KMFDM SYSTEM GIP NET (Matthew R. Potter)
Date: Fri, 7 Aug 1998 16:29:22 -0400
At 06:55 PM 8/5/98 +0200, you wrote:
An old one, I guess known, but I never saw it in the list: Solaris 2.4 popper has an overflow in the username, exploitable obviously as root. It's also easy to get root's shadow entry in the core dumped just failing to log in as root before overrunning the username.
Depending on the revision level of 2.4, the dump will follow symbolic and hard links. So why wait to crack the root password when you can slam a few files and get a full-fledged uid of 0? core() is wack in pre-2.5.1 (May 96) versions.

Matt