[14202] in bugtraq


Re: dump buffer overflow

daemon@ATHENA.MIT.EDU (Lamagra Argamal)
Wed Mar 8 03:17:54 2000

Message-Id:  <20000307211432.18258.qmail@fiver.freemessage.com>
Date:         Tue, 7 Mar 2000 21:14:32 -0000
Reply-To: Lamagra Argamal <lamagra@HACKERMAIL.NET>
From: Lamagra Argamal <lamagra@HACKERMAIL.NET>
X-To:         bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM

On FreeBSD dump has the same hole I described in my previous post. Only it is exploitable :-)
Dump with Kerberos has __atexit and __cleanup after all the other variables on the heap. By overwriting these variables you can start your shellcode.

Most of the credits should go to zen-parse who found and tested this.

-lamagra

Greets to lurux, grue, typo, jolt-freak.
http://lamagra/seKure.de

