Re: [xforce@xxxxxxx: ISSalert: ISS Advisory: Buffer Overflow in /bin/login]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: bugtraq@securityfocus.com
Subject: Re: [xforce@iss.net: ISSalert: ISS Advisory: Buffer Overflow in /bin/login]
From: wietse@porcupine.org (Wietse Venema)
Date: Wed, 12 Dec 2001 19:07:07 -0500 (EST)
In-reply-to: <20011212142920.Z1877@seki.acs.uci.edu> "from Dan Stromberg at Dec12, 2001 02:29:20 pm"

Dan Stromberg:
> The CERT advisory says this is multiplatform.
> 
> Could someone give me the exploit please?  I'd like to test a woraround.

Traditionally SYSV login accepts "username name=value name=value..."
both from the command line and from stdin. It isn't hard to find out
if you can/cannot clobber process memory by specifying a sufficient
number of name=value values.

	Wietse

References:
- [xforce@xxxxxxx: ISSalert: ISS Advisory: Buffer Overflow in /bin/login]
  - From: Dan Stromberg

Prev by Date: Browsers fails on big image count
Next by Date: Re: UDP DoS attack in Win2k via IKE
Previous by thread: [xforce@xxxxxxx: ISSalert: ISS Advisory: Buffer Overflow in /bin/login]
Next by thread: Silly 'script' hardlink bug - fixed
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux