[21999] in bugtraq
Re: ADV/EXP:pic/lpd remote exploit - RH 7.0
daemon@ATHENA.MIT.EDU (iG0R)
Mon Jul 30 02:18:10 2001
From: iG0R <igor@bs.volga.ru>
To: bugtraq@securityfocus.com
Date: Mon, 30 Jul 2001 08:21:36 +0500
In-Reply-To: <20010729085702.3522.qmail@securityfocus.com>
Message-Id: <01073008213600.01098@adminsys>
On 29 July 2001 13:57, you wrote:
> It seems that some releases aren't affected. Can anyone confirm these ones:
> Mandrake 8 groff 1.16.1
> RedHat 6.2 groff 1.15 ?
>
> I can confirm it works indeed on RedHat 5.2 and 6.1 (default distro).
Mandrake 8.0 is vulnerable with groff-1.16.1-7mdk and safe_address 0x8075fab:
1: x/i $eip 0x805683c <strcpy+55720>: jmp *0x8066b50(,%edx,4)
(gdb)
0x08056853 in strcpy ()
1: x/i $eip 0x8056853 <strcpy+55743>: mov $0x1,%edx
(gdb)
0x08056858 in strcpy ()
1: x/i $eip 0x8056858 <strcpy+55748>: mov %edx,0x8075fac
(gdb)
0x0805685e in strcpy ()
1: x/i $eip 0x805685e <strcpy+55754>: jmp 0x8056975 <strcpy+56033>
(gdb)