On 02-Mar-2000 Derek Callaway wrote: > I believe this overflow is rather difficult to exploit, (although, not > impossible) as a result of a setuid(getuid()) before the offending code it does setuid(), but NOT setgid(). still vulnerable. the major problem is how to pass valid **envp to stack and let getenv() succesfully return. probably possible by giving pointer to some valid environment in shared libs. -- * Fido: 2:480/124 ** WWW: http://www.freebsd.lublin.pl ** NIC-HDL: PMF9-RIPE * * Inet: [EMAIL PROTECTED] ** PGP: D48684904685DF43 EA93AFA13BE170BF *
- [ Hackerslab bug_paper ] Linux dump buffer over... ����� KimYongJun (99����)
- Re: [ Hackerslab bug_paper ] Linux dump bu... H D Moore
- Re: [ Hackerslab bug_paper ] Linux dump bu... Brett Lymn
- Re: [ Hackerslab bug_paper ] Linux dump bu... Eugene Teo
- Re: [ Hackerslab bug_paper ] Linux dum... Derek Callaway
- Re: [ Hackerslab bug_paper ] Linux... Przemyslaw Frasunek
- Re: [ Hackerslab bug_paper ] Linux dump bu... Derek Callaway
- Re: [ Hackerslab bug_paper ] Linux dum... Przemyslaw Frasunek
- Re: [ Hackerslab bug_paper ] Linux... Ronald Huizer
- Re: [ Hackerslab bug_paper ] Linux dump bu... Lamagra Argamal
