Full Disclosure mailing list archives
Re: Insect Pro - Advisory 2011 0428 - Zero Day - Heap Buffer Overflow in xMatters APClient
From: Valdis.Kletnieks () vt edu
Date: Thu, 28 Apr 2011 17:09:07 -0400
On Thu, 28 Apr 2011 14:40:22 -0300, Mario Vilas said:
Is the suid bit set on that binary? Otherwise, unless I'm missing something it doesn't seem to be exploitable by an attacker...
Who cares? You got code executed on the remote box, that's the *hard* part. Use that to inject a callback shell or something, use *that* to get yourself a shell prompt. At that point, download something else that exploits you to root - if you even *need* to, as quite often the Good Stuff is readable by non-root users.
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Insect Pro - Advisory 2011 0428 - Zero Day - Heap Buffer Overflow in xMatters APClient Juan Sacco (Apr 28)
- Re: Insect Pro - Advisory 2011 0428 - Zero Day - Heap Buffer Overflow in xMatters APClient Mario Vilas (Apr 28)
- Re: Insect Pro - Advisory 2011 0428 - Zero Day - Heap Buffer Overflow in xMatters APClient Valdis . Kletnieks (Apr 28)
- Re: Insect Pro - Advisory 2011 0428 - Zero Day - Heap Buffer Overflow in xMatters APClient ichib0d crane (Apr 28)
- Re: Insect Pro - Advisory 2011 0428 - Zero Day - Heap Buffer Overflow in xMatters APClient ghost (Apr 28)
- Re: Insect Pro - Advisory 2011 0428 - Zero Day - Heap Buffer Overflow in xMatters APClient ichib0d crane (Apr 28)
- Re: Insect Pro - Advisory 2011 0428 - Zero Day - Heap Buffer Overflow in xMatters APClient -= Glowing Doom =- (Apr 29)
- Re: Insect Pro - Advisory 2011 0428 - Zero Day - Heap Buffer Overflow in xMatters APClient Cal Leeming (Apr 29)
- Re: Insect Pro - Advisory 2011 0428 - Zero Day - Heap Buffer Overflow in xMatters APClient Valdis . Kletnieks (Apr 28)
- Re: Insect Pro - Advisory 2011 0428 - Zero Day - Heap Buffer Overflow in xMatters APClient Mario Vilas (Apr 28)
- Re: Insect Pro - Advisory 2011 0428 - Zero Day - Heap Buffer Overflow in xMatters APClient Mario Vilas (Apr 28)
- Re: Insect Pro - Advisory 2011 0428 - Zero Day - Heap Buffer Overflow in xMatters APClient -= Glowing Doom =- (Apr 29)
- Re: Insect Pro - Advisory 2011 0428 - Zero Day - Heap Buffer Overflow in xMatters APClient R0me0 *** (Apr 29)