[21143] in bugtraq

Re: suid scotty (ntping) overflow (fwd)

daemon@ATHENA.MIT.EDU (Kris Kennaway)
Fri Jun 22 14:51:54 2001

Date: Thu, 21 Jun 2001 19:17:37 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: "Larry W. Cashdollar" <lwc@Vapid.dhs.org>
Cc: bugtraq@securityfocus.com
Message-ID: <20010621191737.A91804@xor.obsecurity.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="OXfL5xGRrasGEqWY"
Content-Disposition: inline
In-Reply-To: <Pine.SOL.4.21.0106211036050.14183-200000@Vapid.dhs.org>; from lwc@Vapid.dhs.org on Thu, Jun 21, 2001 at 10:55:48AM -0400

--OXfL5xGRrasGEqWY
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Jun 21, 2001 at 10:55:48AM -0400, Larry W. Cashdollar wrote:
>
> This has circulated on vuln-dev not sure if it made it here yet.  Vendor
> has been notified and released a fixed version 2.1.11.
>
> My exploit:
> http://vapid.dhs.org/ntping_exp.c
>
> There is a much better exploit out there, but I am not sure if I have
> permission to distribute it.  So I will leave that to the author.

Curious that they didn't respond when I told them about this last
August.  The port has been disabled in FreeBSD since then, but I kept
on forgetting about it which is why we never followed up with an
advisory.

Kris

--OXfL5xGRrasGEqWY--
