Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: WuFTPD: Providing *remote* root since at least1994

From: lamagra () HACKERMAIL NET (Lamagra Argamal)
Date: Sat, 1 Jul 2000 10:41:13 -0000

On Thu, 29 Jun 2000 11:20:59 -0700 Eric Hines <eric.hines () NUASIS COM> wrote:

Has anyone come out with a working version of this exploit script. Both
versions provided on the securityfocus.com web site, and or the one distributed
here by TF8 is not working, even after I fixed his code.  Do we know for sure
the thing even exists.. I dunno, can anyone direct me to the actual code,
because I have yet to see a working version of it that doesn't CORE dump.
Please advise.

Eric


This is probably the result of your glibc version.
All released exploits use the %.<number>d technique to increase the number of written bytes to a very large number eg. 
decimal(0x08048123). Older versions of glibc just crash here, try printf("%.2000d",5); new versions like the one on 
RedHat 6.2 doesn't and produces the last number of bytes (even when snprintf() is used).

-lamagra

Send someone a cool Dynamitemail flashcard greeting!! And get rewarded.
GO AHEAD! http://cards.dynamitemail.com/index.php3?rid=fc-41
Previous By Date Next
Previous By Thread Next

Current thread: