[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] ntpd stack evasion exploit

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] ntpd stack evasion exploit
From: Przemyslaw Frasunek <venglin@xxxxxxxxxxxxxxxxx>
Date: Tue, 10 Jan 2006 20:39:49 +0100

!bSt bitwarz Security Team napisaÅ(a):
> /* ntpd remote root no-exec stack evasion spl0it
>  * by m0sk0v

well... stolen code from my exploit (and advisory) published almost five
years ago on bugtraq. only comments and printfs where changed.

http://marc.theaimsgroup.com/?l=bugtraq&m=98642418618512&w=2

-- 
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NICHDL: PMF9-RIPE *
* JID: venglin@xxxxxxxxxxxxxxx ** PGP ID: 2578FCAD ** HAM-RADIO: SQ8JIV *
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] ntpd stack evasion exploit
  - From: ad@xxxxxxxxxxxxxxxx

References:
- [Full-disclosure] ntpd stack evasion exploit
  - From: !bSt bitwarz Security Team

Prev by Date: [Full-disclosure] mysec.org Security Advisory : Xmame buffer overflow, with a possibility of privilege escalation.
Next by Date: [Full-disclosure] [ GLSA 200601-05 ] mod_auth_pgsql: Multiple format string vulnerabilities
Previous by thread: [Full-disclosure] ntpd stack evasion exploit
Next by thread: Re: [Full-disclosure] ntpd stack evasion exploit
Index(es):
- Date
- Thread