Worked for me on RH 6.2 running the "new" 2.2.17-14 kernel,
as well as 2.2.16-3. When will Red Hat (and other Linux
vendors) release a new kernel package to fix this problem?

[dk ~]$ uname -a
Linux dk 2.2.17-14 #1 Mon Feb 5 18:48:50 EST 2001 i686 unknown
[dk ~]$ gcc epcs2.c
[dk ~]$ ./a.out /usr/bin/gpasswd
bug exploited successfully.
enjoy!
bash# whoami
root
bash#

cheers, h.


Viraj Alankar (2001-04-02 11:03 -0400) wrote:

# On Sat, 31 Mar 2001, Tim Yardley wrote:
#
# > As always, there are always ways to improve things.  This version of the
# > exploit posted here previously overwrites the dl _start routine and doesn't
# > modify eip.  This will help on stack non-exec systems and doesn't require
# > you to calculate the bss offset.  I didn't test it, but this should still
# > work on a stackguard compiled program as well.
#
# This works on my RH 6.2 w/ 2.2.16-3. I see that Redhat released a 2.2.17
# RPM on 2/8/2001 with 'ptrace' as one of the keywords. Does anyone know if
# this RPM addresses the problem?
#
# Viraj.
#

_________________________________________________________
Helmut G. Katzgraber            [EMAIL PROTECTED]
Physics Department, Kerr Hall   http://debussy.ucsc.edu/
University of California        Phone:  (+1) 831-459-4762
Santa Cruz, CA 95064, USA       Fax:    (+1) 831-459-3043