Bugtraq mailing list archives
Solaris libc locale format string exploit
From: "Solar, Eclipse" <solareclipse () PHREEDOM ORG>
Date: Thu, 19 Oct 2000 19:21:59 -0500
On Sep 8, 2000 Warning3 posted an exploit for the Solaris libc locale format string vulnerability. This was more than a month ago. This bug has not been fixed yet. The Securityfocus vulnerability database shows no patches for the locale bug on Solaris. Sun's website does not even mention the existence of this bug. I understand that fixing a bug in the libc library is not trivial, but it took most Linux vendors just a couple of days to release updated glibc packages. Sun acts as if nothing really serious has happened. I hope somebody proves me wrong, but Sun doesn't seem to have a clue about what's going on.

I have written an exploit for the locale vulnerability. It is based on the exploit code by Warning3, but provides assistance in guessing the shell code parameters.

For more information, including usage examples, see the paper at http://www.phreedom.org/solar/locale_sol.txt

Get the source code at http://www.phreedom.org/solar/locale_sol.c or see the attachment.

Solar Eclipse
Phreedom Magazine
http://www.phreedom.org
Attachment:
locale_sol.c
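The bug class behind this thread is a message string that the program never wrote itself (here, text supplied through the locale machinery) ending up as the format argument of a printf-family call. The following is an added illustration, not code from the attached locale_sol.c or from Warning3's exploit, and it does not reproduce the Solaris bug: it shows the vulnerable call shape next to a hardened one that counts the conversion directives in a message and refuses it when the count differs from what the call site expects. The function names, the 256-byte static buffer and the two sample messages are assumptions constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Count printf-style conversion directives in s.  "%%" is a literal percent
 * and is not counted.  A message that is supposed to be text but carries
 * directives is the tell-tale of untrusted data reaching a format argument.
 * This is a coarse gate: it counts '%' introducers, it does not validate
 * the conversion that follows each one. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* escaped percent, skip both characters */
            p++;
            continue;
        }
        n++;
    }
    return n;
}

/* Vulnerable pattern: the message text itself is the format string.  The
 * program intends one "%s" for the file name, but whoever supplies the
 * message (a locale catalog, an environment variable) decides how many
 * directives there are: extra "%x" read stack words, "%n" writes memory.
 * Kept here only to show the shape; never call it with untrusted msg. */
int render_unsafe(char *out, size_t outsz, const char *msg, const char *arg)
{
    return snprintf(out, outsz, msg, arg);
}

/* Hardened pattern: refuse any message whose directive count differs from
 * what the call site expects, before it ever reaches snprintf.  Returns the
 * rendered text in a static buffer, or NULL when the message is rejected. */
const char *render_checked(const char *msg, const char *arg, int expected)
{
    static char out[256];       /* assumption: 256 bytes is enough for a message */
    if (count_format_directives(msg) != expected)
        return NULL;
    snprintf(out, sizeof out, msg, arg);
    return out;
}

int main(void)
{
    /* Constructed sample messages: one legitimate, one attacker-shaped. */
    const char *good = "cannot open %s";
    const char *bad  = "%x.%x.%x.%n";
    const char *r;

    r = render_checked(good, "/etc/passwd", 1);
    printf("good: %s\n", r ? r : "(rejected)");
    r = render_checked(bad, "/etc/passwd", 1);
    printf("bad:  %s\n", r ? r : "(rejected)");
    return 0;
}
```

The check belongs at the point where catalog or environment text is turned into a format, not at the call to the exploit; a setuid program that only ever expects "%s" in a message has no reason to accept "%x" or "%n" from a file it did not ship.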