Vulnerability Development mailing list archives
Solaris ufsroot exploit
From: job () ITSX COM (Job de Haas)
Date: Wed, 14 Jun 2000 23:53:36 +0200
Hi,

I've got two questions regarding exploiting the ufsroot bug I posted about on bugtraq.

First, has anyone ever looked at accurate prediction of the position of the shellcode? My idea was that this would result in more reliable exploits and even (semi-)automatic exploits. Maybe a little far-fetched, especially with sparc due to the delayed register window stuff. I've always found the get_sp solution and wildly varying environments ugly.

Second, would there be a way to exploit this bug with a non-executable stack? The program /usr/lib/fs/ufs/ufsrestore is a statically linked binary, resulting in a memory map with lots of 00. I looked some at it, but didn't really come up with anything.

Regards,
Job