Gobbles exploit for ipppd which is part of the isdn4linux-utils package and is part of the default install of many linux distributions. Under Suse 8.0, ipppd is installed suid root but can only be run by users in the group "dialout". The exploit works on a syslog(3) format string problem: syslog(LOG_NOTICE,devstr). This code is normally only reached with a valid device string but if you feed ipppd a devicename that is >= 256 bytes it will merrily proceed to log this string using the faulty syslog(3) call. Subsequently handing over root access to the machine.
e290a9d199b6083a44c4fb80139472fd60f466a8f4698bdd4662f2cdc26abbfdEttercap v0.6.2 local root format string exploit. Works if the administrator made Ettercap SUID.
4f7b696cea2b1db223e600477d54422235560202856224be55543c7f58c4a210Berkeley finger.cgi has a remote command execution vulnerability because it does not strip out newlines.
9522938f90cc239769620d06fc8cdd679f71ea497be3e18b34ec0cfceaaf02f6
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed