The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Buffer overflow in sperl5.003 (fwd)

To: security@debian.org
Subject: Re: Buffer overflow in sperl5.003 (fwd)
From: Thomas Koenig <ig25@mvmap66.ciw.uni-karlsruhe.de>
Date: Fri, 18 Apr 1997 17:03:55 +0200 (MET DST)
Delivered-to: bruce-lists--debian-private@lists.debian.org
Delivered-to: security@debian.org
Reply-to: Thomas.Koenig@ciw.uni-karlsruhe.de (Thomas König)
Resent-cc: recipient list not shown: ;
Resent-date: 18 Apr 1997 16:04:15 -0000
Resent-from: debian-private@lists.debian.org
Resent-message-id: <"xz64c.0.n67.-jvLp"@debian>
Resent-sender: debian-private-request@lists.debian.org

----- Forwarded message from David Luyer -----

>From owner-bugtraq@NETSPACE.ORG  Fri Apr 18 13:56:55 1997
Approved-By: aleph1@UNDERGROUND.ORG
Message-ID:  <Pine.LNX.3.95q.970418111027.29771O-100000@typhaon.ucs.uwa.edu.au>
Date:         Fri, 18 Apr 1997 11:12:04 +0800
Reply-To: David Luyer <luyer@UCS.UWA.EDU.AU>
Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: David Luyer <luyer@UCS.UWA.EDU.AU>
Subject:      Re: Buffer overflow in sperl5.003
X-To:         Murphy <jtmurphy@CRAY1.ECST.CSUCHICO.EDU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <Pine.LNX.3.96.970417140348.24662A-101000@cray1.ecst.csuchico.edu>

On Thu, 17 Apr 1997, Murphy wrote:
> Attached is the source for the exploit. Since it requires some work to
>be done to the compiled exploit (Stripping of 5 byte at the begining and
>end of the binary), the precompiled Linux x86 exploit can be found at
>http://www.ecst.csuchico.edu/~jtmurphy/localusers.html.

Note that the exploit tries offsets of 1170 to 1240.  Debian Linux with
sperl5.00307 requires a value of 1169 (and is vulnerable).

David.

----- End of forwarded message from David Luyer -----

-- 
Thomas Koenig, Thomas.Koenig@ciw.uni-karlsruhe.de, ig25@dkauni2.bitnet.
The joy of engineering is to find a straight line on a double
logarithmic diagram.


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Prev by Date: Buffer overflow in sperl5.003 (fwd)
Next by Date: Re: Site you lot might want to bust
Previous by thread: Buffer overflow in sperl5.003 (fwd)
Next by thread: FWD: Buffer overflow in sperl5.003
Index(es):
- Date
- Thread