[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] ProFTPD-1.2.9rc2 remote root exploit

To: full-disclosure@lists.netsys.com
Subject: RE: [Full-Disclosure] ProFTPD-1.2.9rc2 remote root exploit
From: GARCIA Lionel <lionel.garcia@airbus.com>
Date: Fri, 24 Oct 2003 16:25:17 +0200

This line seems suspicious. Don't know the purpose of the shellcode, but I
won't try it.

   /* connect to the bindshell */
   printf("Trying to connect, please wait...\n");

--->   void(*sleep)()=(void*)sc;sleep(5);   <------- Hummm :-\
   if(give_me_a_shell(addr) < 0)

     {
      fprintf(stderr, "Sorry, exploit didn't work.\n");
      return(-1);

The shellcode seems to be locally launched. Anybody to "decrypt" the
shellcode ?



> -----Message d'origine-----
> De : Andreas Gietl [mailto:a.gietl@e-admin.de]
> Envoyé : vendredi 24 octobre 2003 15:36
> À : Jean-Kevin Grosnakeur; full-disclosure@lists.netsys.com
> Objet : Re: [Full-Disclosure] ProFTPD-1.2.9rc2 remote root exploit
> 
> 
> On Friday 24 October 2003 14:22, Jean-Kevin Grosnakeur wrote:
> 
> this seems to delete sth on the local harddisk. anybody else 
> seeing this 
> effect?
> 
> > Ladies and gentlemen, here's the source code of the exploit 
> for the latest
> > release of ProFTPD. This is a Zero-Day private exploit, please DON'T
> > REDISTRIBUTE. I will not take responsibility for any 
> damages which could
> > result from the usage of this exploit, use it at your own risk.
> >
> > 
> --------------------------------------------------------------
> ------------
> >
> > Have fun ! @+
> >
> > _________________________________________________________________
> > MSN Messenger 6  http://g.msn.fr/FR1001/866 : plus de 
> personnalisation,
> > plus de fun pour vous et vos amis...
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
> -- 
> e-admin internet gmbh
> Andreas Gietl                                            tel 
> +49 941 3810884
> Ludwig-Thoma-Strasse 35                      fax +49 
> (0)1805/39160 - 29104
> 93051 Regensburg                                  mobil +49 
> 171 6070008
> 
> PGP/GPG-Key unter http://www.e-admin.de/gpg.html
> 
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
> This mail has originated outside your organization,
> either from an external partner or the Global Internet. 
> Keep this in mind if you answer this message.
>

Follow-Ups:
- Re: [Full-Disclosure] ProFTPD-1.2.9rc2 remote root exploit
  - From: Philipp Buehler <pb+full-disclosure@mlsub.buehler.net>

Prev by Date: Re: [inbox] Re: [Full-Disclosure] RE: Linux (in)security
Next by Date: RE: [inbox] Re: [Full-Disclosure] RE: Linux (in)security
Previous by thread: [Full-Disclosure] ProFTPD-1.2.9rc2 remote root exploit
Next by thread: Re: [Full-Disclosure] ProFTPD-1.2.9rc2 remote root exploit
Index(es):
- Date
- Thread