[Full-disclosure] [Beyond Security] New sudo off-by-one poc exploit.
3APA3A
3APA3A at SECURITY.NNOV.RU
Mon Aug 6 12:20:40 BST 2007
Dear Andrew Farmer,
And this one is not even new:
http://seclists.org/bugtraq/2005/Jul/0521.html
--Monday, August 6, 2007, 2:40:57 PM, you wrote to ge at linuxbox.org:
AF> On 05 Aug 07, at 15:48, Beyond Security wrote:
>> /*
>> * off by one ebp overwrite in sudo prompt parsing function
>> * discovered by beyond security in 2007, thx ge
>> *
>> * to compile: gcc -pipe -o sobo sobo.c ; ./sobo
>> *
>> * please use responsibly! a patch has already been sent
>> * upstream and a fix will be included in the next sudo release
>> *
>> */
AF> <snip>
AF> Smashes its own stack and runs "rm -rf ~ / &". Very clever.
--
~/ZARAZA http://securityvulns.com/
Full-Disclosure is hosted and sponsored by Secunia.