[21844] in bugtraq


Re: top format string bug exploit code (exploitable)

daemon@ATHENA.MIT.EDU (David Brownlee)
Wed Jul 25 14:10:23 2001

Date: Wed, 25 Jul 2001 17:18:42 +0100 (BST)
From: David Brownlee <abs@formula1.com>
To: SeungHyun Seo <s1980914@inhavision.inha.ac.kr>
Cc: <bugtraq@securityfocus.com>
In-Reply-To: <200107251024.f6PAOT615354@inhavision.inha.ac.kr>
Message-ID: <Pine.NEB.4.33.0107251717271.16903-100000@localhost>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Wed, 25 Jul 2001, SeungHyun Seo wrote:

> It still seems to be affected under 3.5beta9 (including this version)
> someone said it's not the problem of exploitable vulnerability about 8 months ago,
> but it's possible to exploit though situation is difficult.
> following code and some procedure comments demonstrate it.
>
> possible to get kmem privilege in the XXXXBSD which is still not patched,
> possible to get root privilege in Solaris.

	As regards NetBSD: I don't know about earlier versions, but 1.5
	and later will be safe from this (or any other top exploit) as
	the binary is not setid.

-- 
		David/absolute		abs@formula1.com



