[12297] in bugtraq
Re: amd remote root exploit code
daemon@ATHENA.MIT.EDU (Crispin Cowan)
Wed Oct 20 17:18:05 1999
Message-Id: <380E0A53.B5BABE58@cse.ogi.edu>
Date: Wed, 20 Oct 1999 18:30:43 +0000
Reply-To: crispin@CSE.OGI.EDU
From: Crispin Cowan <crispin@CSE.OGI.EDU>
X-To: ohhara@postech.edu, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

Taeho Oh wrote:
> This is amd remote exploit code. This is a well-known bug on the internet.
> It's a very critical bug; please upgrade am-utils or remove it.
> begin amd-ex.c
> ----------------------------------------------------------------------
> /* Amd Buffer Overflow for x86 linux
>
> Remote user can gain root access.
>
> Tested redhat linux : 4.0, 5.1, 6.0
> Tested am-utils version : 6.0

We finally got around to testing this exploit against a StackGuarded amd. StackGuard stopped it, producing this intrusion detection alert in syslog:

Oct 20 01:40:47 kryten amd[326]: Immunix type 1 Canary[0] = aff0d died with cadaver bffff34d in procedure real_plog.

For clarification, this test was performed against am-utils-6.0a16-4, which was NOT patched against the bug that this exploit attacks. This is the general point of StackGuard protection: to defend you against bugs that you do *not* know about or have *not* patched. You can get the StackGuarded amd here: http://immunix.org/StackGuard/RH52/RPMS/am-utils-6.0a16-4_SG12.i386.rpm

As usual, you can get StackGuard compiler and StackGuarded Linux systems at http://immunix.org

Crispin
-----
Crispin Cowan, CTO, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution: http://immunix.org
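
Added example (not part of the original message, and not WireX or Immunix code): a small log scanner that picks StackGuard canary alerts like the one quoted above out of syslog lines and groups them by host, program and procedure. The line layout is inferred from that single alert and is assumed to hold for other alerts; every sample line except the first is constructed.

```python
import re
from collections import Counter

# Layout inferred from the one alert quoted in the message above. That other
# StackGuard alerts follow the same layout is an assumption, not a documented fact.
ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>[^\[\s:]+)\[(?P<pid>\d+)\]: "
    r"Immunix type (?P<type>\d+) Canary\[(?P<index>\d+)\] = (?P<canary>[0-9a-f]+) "
    r"died with cadaver (?P<cadaver>[0-9a-f]+) in procedure (?P<procedure>\w+)\.?$"
)

def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not an alert."""
    m = ALERT_RE.match(line.strip())
    if m is None:
        return None
    alert = m.groupdict()
    for key in ("pid", "type", "index"):
        alert[key] = int(alert[key])
    return alert

def scan(lines):
    """Parse every line and keep only the canary alerts."""
    return [a for a in (parse_alert(l) for l in lines) if a is not None]

def summarize(alerts):
    """Count alerts per (host, program, procedure) to show which code is being hit."""
    return Counter((a["host"], a["prog"], a["procedure"]) for a in alerts)

SAMPLE_LOG = [
    # The alert from the message above, rejoined onto one line.
    "Oct 20 01:40:47 kryten amd[326]: Immunix type 1 Canary[0] = aff0d "
    "died with cadaver bffff34d in procedure real_plog.",
    # Constructed: a second alert from a restarted daemon.
    "Oct 20 01:40:48 kryten amd[331]: Immunix type 1 Canary[0] = aff0d "
    "died with cadaver bffff34d in procedure real_plog.",
    # Constructed: unrelated traffic and a near-miss that must not match.
    "Oct 20 01:41:02 kryten sshd[402]: Accepted password for alice from 192.0.2.10",
    "Oct  3 09:00:00 kryten amd[12]: Canary islands brochure requested",
]

if __name__ == "__main__":
    for key, count in summarize(scan(SAMPLE_LOG)).items():
        print(count, "canary alert(s):", *key)
```
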