[Full-disclosure] *BSD banner INT overflow vulnerability
Tyop?
tyoptyop at gmail.com
Wed Nov 22 13:36:04 GMT 2006
On 11/22/06, Sean Comeau <scomeau at cansecwest.com> wrote:
> On Wed, Nov 22, 2006 at 12:25:46PM +0300, dead code crew wrote:
> >
> > %uname -sir
> > FreeBSD 6.1-RELEASE GENERIC
> > %gdb banner
> > (gdb) r -w 17000000
> > Program received signal SIGSEGV, Segmentation fault.
> > 0x01010101 in ?? ()
>
> This doesn't crash banner on OpenBSD, and even if it did who
> cares? What would anyone accomplish by making this setuid
> root?
$ ls -l /usr/bin/banner
-r-xr-xr-x 1 root wheel 9576 Jul 5 2005 /usr/bin/banner
$
pfiuuu..
I'm safe. Thx a lot.
F34r da banner H4x0r.
--
Tyop?
Full-Disclosure is hosted and sponsored by Secunia.