The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Buffer overflow in sperl5.003 (fwd)

To: security@debian.org
Subject: Buffer overflow in sperl5.003 (fwd)
From: Thomas Koenig <ig25@mvmap66.ciw.uni-karlsruhe.de>
Date: Fri, 18 Apr 1997 17:03:14 +0200 (MET DST)
Delivered-to: bruce-lists--debian-private@lists.debian.org
Delivered-to: security@debian.org
Reply-to: Thomas.Koenig@ciw.uni-karlsruhe.de (Thomas König)
Resent-cc: recipient list not shown: ;
Resent-date: 18 Apr 1997 16:03:36 -0000
Resent-from: debian-private@lists.debian.org
Resent-message-id: <"RibHZ.0.o37.OjvLp"@debian>
Resent-sender: debian-private-request@lists.debian.org

There was some Mime-trouble, but I hope you get this ok.  I haven't tested
this myself.

----- Forwarded message from Murphy -----

>From owner-bugtraq@NETSPACE.ORG  Fri Apr 18 11:26:54 1997
Approved-By: aleph1@UNDERGROUND.ORG
Message-ID:  <Pine.LNX.3.96.970417140348.24662A-101000@cray1.ecst.csuchico.edu>
Date:         Thu, 17 Apr 1997 14:11:09 -0700
Reply-To: Murphy <jtmurphy@CRAY1.ECST.CSUCHICO.EDU>
Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Murphy <jtmurphy@CRAY1.ECST.CSUCHICO.EDU>
Subject:      Buffer overflow in sperl5.003
To: BUGTRAQ@NETSPACE.ORG


 Its came to my attention that there is a buffer overflow bug in
sperl5.003 that will allow local users gain root access, if SUID root.
 The exploit and bug was made and brought to my attention by Willy Tarreau
(tarreau@aemiaif.ibp.fr).
 Attached is the source for the exploit. Since it requires some work to
be done to the compiled exploit (Stripping of 5 byte at the begining and
end of the binary), the precompiled Linux x86 exploit can be found at
http://www.ecst.csuchico.edu/~jtmurphy/localusers.html.

PS. Have a nice a day.

--
----------------------------------------------------------------------------
Jason T. Murphy |  Finger for PGP Public Key  | jtmurphy@ecst.csuchico.edu
  The Linux Security Home Page -> http://www.ecst.csuchico.edu/~jtmurphy
Security buff, Linux Freak, PC Tech @ Chico State, and all around nice guy.

Content-Description: 

[application/octet-stream is not supported, skipping...]

----- End of forwarded message from Murphy -----

-- 
Thomas Koenig, Thomas.Koenig@ciw.uni-karlsruhe.de, ig25@dkauni2.bitnet.
The joy of engineering is to find a straight line on a double
logarithmic diagram.

Attachment: sperlexp.tgz
Description: sperlexp.tgz

Prev by Date: Re: Is anybody watching bugtraq?
Next by Date: Re: Buffer overflow in sperl5.003 (fwd)
Previous by thread: Re: Is anybody watching bugtraq?
Next by thread: Re: Buffer overflow in sperl5.003 (fwd)
Index(es):
- Date
- Thread