subject:"\[Full\-disclosure\] \[Beyond Security\] New sudo off\-by\-one poc exploit."

Re: [Full-disclosure] [Beyond Security] New sudo off-by-one poc exploit.

2007-08-06 Thread 3APA3A

Dear Andrew Farmer, And this one is not even new: http://seclists.org/bugtraq/2005/Jul/0521.html --Monday, August 6, 2007, 2:40:57 PM, you wrote to [EMAIL PROTECTED]: AF> On 05 Aug 07, at 15:48, Beyond Security wrote: >> /* >> * off by one ebp overwrite in sudo prompt parsing function >> *

Re: [Full-disclosure] [Beyond Security] New sudo off-by-one poc exploit.

2007-08-06 Thread Andrew Farmer

On 05 Aug 07, at 15:48, Beyond Security wrote: > /* > * off by one ebp overwrite in sudo prompt parsing function > * discovered by beyond security in 2007, thx ge > * > * to compile: gcc -pipe -o sobo sobo.c ; ./sobo > * > * please use responsibly! a patch has already been sent > * upst