[29654] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: passlogd sniffer remote buffer overflow root exploit.

daemon@ATHENA.MIT.EDU (Dragos Ruiu)
Fri Apr 4 15:01:25 2003

From: Dragos Ruiu <dr@kyx.net>
To: "dong-h0un U" <xploit@hackermail.com>, bugtraq@securityfocus.com
Date: Thu, 3 Apr 2003 21:55:25 -0800
In-Reply-To: <20030403162444.29779.qmail@hackermail.com>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200304032155.25120.dr@kyx.net>

On April 3, 2003 08:24 am, dong-h0un U wrote:
> Hello.
>
> Exploit confirmed possible truth in OpenBSD.
> But, I did not exploit.
> Also, did not test in RedHat 8.0.
...
> /*
> **
> ** [*] Title: Remote Multiple Buffer Overflow vulnerability in passlogd
> sniffer. ** [+] Exploit code: 0x82-Remote.passlogd_sniff.xpl.c
...

I'm a little unclear on the meaning of "truth" here, but
ProPolice will stop this exploit from working on OpenBSD 3.3 or
-current/cvs.

etoh++ :-)

cheers,
--dr

-- 
pgpkey http://dragos.com/ kyxpgp   -- http://cansecwest.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[29654] in bugtraq

Re: passlogd sniffer remote buffer overflow root exploit.

daemon@ATHENA.MIT.EDU (Dragos Ruiu)Fri Apr 4 15:01:25 2003

daemon@ATHENA.MIT.EDU (Dragos Ruiu)
Fri Apr 4 15:01:25 2003