Bugtraq mailing list archives
Re: top format string bug exploit code (exploitable)
From: Lupe Christoph <lupe () lupe-christoph de>
Date: Thu, 26 Jul 2001 08:42:18 +0200
On Wednesday, 2001-07-25 at 19:24:29 +0900, SeungHyun Seo wrote:
> It still seems to be affected under 3.5beta9 (including this version).
> Someone said it's not the problem of exploitable vulnerability about
> 8 months ago, but it's possible to exploit though situation is difficult.
> Following code and some procedure comments demonstrate it.
> Possible to get kmem privilege in the XXXXBSD which is still not patched,
> possible to get root privilege in Solaris.

Top does not need to be SUID root in Solaris, either. The default
install uses this mode (clipped from the Makefile generated on
Solaris 8 x86):

    MODE = 2711
    GROUP = sys

Both /dev/mem and /dev/kmem are

    crw-r-----   1 root     sys       13,  1 Dec  3  2000 /dev/kmem
    crw-r-----   1 root     sys       13,  0 Dec  3  2000 /dev/mem

Lupe Christoph
--
| lupe () lupe-christoph de       |           http://free.prohosting.com/~lupe |
| I have challenged the entire ISO-9000 quality assurance team to a            |
| Bat-Leth contest on the holodeck. They will not concern us again.            |
| http://public.logica.com/~stepneys/joke/klingon.htm                          |
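
An audit check for the configuration described in the message above, added here as an example and not part of the original post: it reports what access to a memory device a flaw in a set-id binary would hand over. The names Perm, exposure and audit are hypothetical, gid 3 for "sys" is an assumption, and ACLs and "other" permission bits are not considered.

```python
import os
import stat
from typing import NamedTuple

class Perm(NamedTuple):
    mode: int  # st_mode including file-type bits
    uid: int
    gid: int

def exposure(binary: Perm, device: Perm) -> list:
    """Access to `device` that code running inside `binary` would inherit."""
    if binary.mode & stat.S_ISUID and binary.uid == 0:
        return ["full access (setuid root)"]
    gained = []
    if binary.mode & stat.S_ISUID and binary.uid == device.uid:
        if device.mode & stat.S_IRUSR:
            gained.append("owner read")
        if device.mode & stat.S_IWUSR:
            gained.append("owner write")
    if binary.mode & stat.S_ISGID and binary.gid == device.gid:
        if device.mode & stat.S_IRGRP:
            gained.append("group read")
        if device.mode & stat.S_IWGRP:
            gained.append("group write")
    return gained

def audit(binary_path, device_paths=("/dev/mem", "/dev/kmem")):
    """Stat real files and report exposure per device; missing paths are skipped."""
    findings = {}
    try:
        b = os.stat(binary_path)
    except OSError:
        return findings
    bperm = Perm(b.st_mode, b.st_uid, b.st_gid)
    for dev in device_paths:
        try:
            d = os.stat(dev)
        except OSError:
            continue
        findings[dev] = exposure(bperm, Perm(d.st_mode, d.st_uid, d.st_gid))
    return findings

# Constructed sample mirroring the values quoted in the message:
# MODE = 2711, GROUP = sys; devices crw-r----- root sys.
SYS_GID = 3  # assumption: numeric gid of "sys"
TOP = Perm(stat.S_IFREG | 0o2711, 0, SYS_GID)
KMEM = Perm(stat.S_IFCHR | 0o640, 0, SYS_GID)

if __name__ == "__main__":
    print(exposure(TOP, KMEM))
```

On a live system, audit() takes the installed binary's path and stats the real device nodes instead of the constructed sample.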