[10632] in bugtraq


Re: Solaris libc exploit

daemon@ATHENA.MIT.EDU (Doug Granzow)
Tue May 25 16:45:56 1999

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.GSO.4.05.9905251506420.599-100000@gunzour.isbu.digex.net>
Date: 	Tue, 25 May 1999 15:13:17 -0400
Reply-To: Doug Granzow <dgranzow@DIGEX.NET>
From: Doug Granzow <dgranzow@DIGEX.NET>
X-To:         Wyman Eric Miles <wymanm@IS.RICE.EDU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <Pine.GSO.3.96.990525092909.23555C-100000@is.rice.edu>

From the testing I've done, the original exploit posted by UNYUN only
works on unpatched 2.6 systems, but acpizer's modification, which allows
you to specify an offset, works on any 2.6 or 2.7 system if you use the
right offset.  I found that using an offset of (I believe) 7144 works on a
2.6 system with patch 105210-19 installed.

Doug


On Tue, 25 May 1999, Wyman Eric Miles wrote:

> Correct me if I'm wrong, but doesn't 105210-06 or higher address this
> under 2.6?  I've been unable to get the exploit to work on any patched
> system, though it works nicely on any architecture I've tried which
> doesn't have the patch.
>
> Wyman
