[21322] in bugtraq
Re: Solaris mailtool exploit
daemon@ATHENA.MIT.EDU (Toby DiPasquale)
Tue Jul 3 14:17:59 2001
Date: Mon, 2 Jul 2001 19:55:21 -0400 (EDT)
From: Toby DiPasquale <anany@ece.villanova.edu>
To: "kernel51@libertysurf.fr" <kernel51@libertysurf.fr>
Cc: bugtraq@securityfocus.com
In-Reply-To: <GFUR68$ICZKB7IannXSjGiGLUNMaOKLjlkDRGQ7HWB3B7ISJf0lIjA6B@libertysurf.fr>
Message-ID: <Pine.SV4.3.95.1010702195343.24237B-100000@acadia.ee.vill.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Content-Transfer-Encoding: 8bit
Guys,
This script did not work for me. I am running Solaris 8 on a Blade
100. I got the following messages when trying to run this exploit.
%gcc mailt00l.c
ld: warning: symbol `nop' has differing types:
(file /tmp/.anany/cc1u5gXu.o type=OBJT; file /usr/lib/libc.so
type=FUNC);
/tmp/.anany/cc1u5gXu.o definition taken
%./a.out
Archi: Sun Sparc
Using address: 0xffbef460
Now running: /usr/openwin/bin/mailtool
mailtool: Could not initialize Tool Talk: TT_ERR_PTYPE (1045): Undefined
process type
Segmentation fault
%uname -a
SunOS xxx.xxx.xxx 5.8 Generic_108528-06 sun4u sparc SUNW,Sun-Blade-100
0100001101000010010000110100011101110101
Tobias DiPasquale
-Solaris Systems Administrator-
Villanova University ECE Dept. (www.ece.vill.edu)
-Applications Engineering Consultant-
CyberSoft, Inc. (www.cybersoft.com)
mailto: anany@ece.vill.edu
0100001101000010010000110100011101110101
On Mon, 2 Jul 2001, kernel51@libertysurf.fr wrote:
> Hello,
>
> Here is a Solaris 8 (x86 and sparc) exploit I've coded
> lately, out of an advisory dealing with a bug in the
> mailtool utility (see the header of the attached .c file,
> it says everything). As far as I know, such an exploit
> has not been released so far.
> Cheers :)
>
> 51
>
> --------------
> Profitez de l'offre spéciale Liberty Surf !
> 50 h / 95 F TTC par mois tout compris pendant 3 mois
> http://register.libertysurf.fr/subscribe_fr/signup.php3
>
