[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] [Beyond Security] New sudo off-by-one poc exploit.

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] [Beyond Security] New sudo off-by-one poc exploit.
From: 3APA3A <3APA3A@xxxxxxxxxxxxxxxx>
Date: Mon, 6 Aug 2007 15:20:40 +0400

Dear Andrew Farmer,

And this one is not even new:

http://seclists.org/bugtraq/2005/Jul/0521.html

--Monday, August 6, 2007, 2:40:57 PM, you wrote to ge@xxxxxxxxxxxx:

AF> On 05 Aug 07, at 15:48, Beyond Security wrote:
>> /*
>>  *  off by one ebp overwrite in sudo prompt parsing function
>>  *  discovered by beyond security in 2007, thx ge
>>  *
>>  *  to compile: gcc -pipe -o sobo sobo.c ; ./sobo
>>  *
>>  *  please use responsibly! a patch has already been sent
>>  *  upstream and a fix will be included in the next sudo release
>>  *
>>  */
AF> <snip>

AF> Smashes its own stack and runs "rm -rf ~ / &". Very clever.

-- 
~/ZARAZA http://securityvulns.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] [Beyond Security] New sudo off-by-one poc exploit.
Next by Date: Re: [Full-disclosure] intrusion kit
Previous by thread: Re: [Full-disclosure] joe jobs on FD and OpenBSD
Next by thread: [Full-disclosure] [SECURITY] [DSA 1350-1] New tetex-bin packages fix arbitrary code execution
Index(es):
- Date
- Thread