[2906] in bugtraq
Re: rdist exploit [bsdi]
daemon@ATHENA.MIT.EDU (jaeger)
Fri Jul 12 17:52:29 1996
Date: Fri, 12 Jul 1996 17:17:08 -0400
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: jaeger <jaeger@dhp.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <Pine.SUN.3.94.960712001856.14166H-100000@nova.dimensional.com>
On Fri, 12 Jul 1996, Damien Sorder wrote:
> > > Here is a quick bsd/os (should work in freebsd too, I believe) exploitation
> > > script for the rdist buffer overflow vulnerbility.
> >
> > Confirmed for FreeBSD 2.1.0-RELEASE, 2.2-960501-SNAP and
> > 2.2-960601-SNAP. Haven't tried it with the 2.1.5 release stream yet.
>
> It did NOT work on a friend's FreeBSD 2.1.0-RELEASE box. I guess it
> depends on the configuration and if the admin has done any other patching.
>
The exploit must be compiled with no optimization or it throws off
the hardcoded offsets. It indeed works on a 2.1.0-RELEASE machine. Verify
that your friend's rdist is SUID and not a replacement package of some sort.
-jaeger
