Bugtraq mailing list archives
the rpc.statd exploit
From: ron1n - <shellcode () HOTMAIL COM>
Date: Tue, 8 Aug 2000 00:11:06 EST
Ok, this post has no technical content, but after I released my version of the rpc.statd exploit, I realized I upset several people, so I'd like to provide some corrective information. Here's my "exploit errata", so to speak:

* 24th July, 2000 was the date I *started* the exploit. I now realize this is misleading. I released the exploit 3 days after its completion. Those 3 days were spent testing and fixing -- a few things crept through unfixed, but the exploit is fully functional. I did not cripple it, because in my humble opinion, it doesn't "alleviate" any misuse of the code. Someone always distributes fixed versions of crippled exploit code within days and as far as I know, I am not the only one who has released an uncrippled exploit.

* Two other exploits were released for this vulnerability -- (1) a debian exploit by drow for the PPC platform; (2) a generic linux/x86 with a suse default address by doing. Because of this disclosure, I did not imagine the release of my version would trigger any hostility.

* I explicitly stated that I am not a security expert. The actual release was my small contribution to something I thought I believed in. I guess I had it all wrong, eh?

* My original idea of how to exploit the format string vulnerability was incorrect. Specifically, the junk bytes between the return addresses were not present, meaning the %n specifiers would have been short on addresses (btw, the %!d specifiers were actually switched to %!x before release for ease of calculations). I cannot say whether or not I would have discovered my error during the coding stage, but major credit goes to smiler/z- for clarifying this for me. I failed to give him the credit he deserved.

* I am not affiliated with any of the groups mentioned in the greets section, and for that reason they cannot be held accountable for any "stupidity" on my behalf. Yes, this is entirely silly to the point of ridicule, but so be it.
Regards,
ron1n