[15598] in bugtraq
Re: WuFTPD: Providing *remote* root since at least1994
daemon@ATHENA.MIT.EDU (Lamagra Argamal)
Sun Jul 2 15:01:54 2000
Message-Id: <20000701104113.621.qmail@fiver.freemessage.com>
Date: Sat, 1 Jul 2000 10:41:13 -0000
Reply-To: Lamagra Argamal <lamagra@HACKERMAIL.NET>
From: Lamagra Argamal <lamagra@HACKERMAIL.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
On Thu, 29 Jun 2000 11:20:59 -0700 Eric Hines <eric.hines@NUASIS.COM> wrote:
>Has anyone come out with a working version of this exploit script. Both
>versions provided on the securityfocus.com web site, and or the one distributed
>here by TF8 is not working, even after I fixed his code. Do we know for sure
>the thing even exists.. I dunno, can anyone direct me to the actual code,
>because I have yet to see a working version of it that doesn't CORE dump.
>Please advise.
>
>Eric
This is probably the result of your glibc version.
All released exploits use the %.<number>d technique to increase the number of written bytes to a very large number eg. decimal(0x08048123). Older versions of glibc just crash here, try printf("%.2000d",5); new versions like the one on RedHat 6.2 doesn't and produces the last number of bytes (even when snprintf() is used).
-lamagra
Send someone a cool Dynamitemail flashcard greeting!! And get rewarded.
GO AHEAD! http://cards.dynamitemail.com/index.php3?rid=fc-41
