Bugtraq mailing list archives

Re: ADV/EXP:pic/lpd remote exploit - RH 7.0


From: iG0R <igor () bs volga ru>
Date: Mon, 30 Jul 2001 08:21:36 +0500

On 29 July 2001 13:57, you wrote:
It seems that some releases aren't affected. Can anyone confirm these ones:
Mandrake 8 groff 1.16.1
RedHat 6.2 groff 1.15 ?

I can confirm it works indeed on RedHat 5.2 and 6.1 (default distro).

Mandrake 8.0 is vulnerable with groff-1.16.1-7mdk and safe_address 0x8075fab

1: x/i $eip  0x805683c <strcpy+55720>:  jmp    *0x8066b50(,%edx,4)
(gdb)
0x08056853 in strcpy ()
1: x/i $eip  0x8056853 <strcpy+55743>:  mov    $0x1,%edx
(gdb)
0x08056858 in strcpy ()
1: x/i $eip  0x8056858 <strcpy+55748>:  mov    %edx,0x8075fac
(gdb)
0x0805685e in strcpy ()
1: x/i $eip  0x805685e <strcpy+55754>:  jmp    0x8056975 <strcpy+56033>
(gdb)

