Buffer overflow in sperl5.003

Murphy (jtmurphy@CRAY1.ECST.CSUCHICO.EDU)
Thu, 17 Apr 1997 14:11:09 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: David Luyer: "Re: Buffer overflow in sperl5.003"
Previous message: David Sacerdote: "PHP/FI command line buffer overflow"
Next in thread: David Luyer: "Re: Buffer overflow in sperl5.003"

This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
Send mail to mime@docserver.cac.washington.edu for more info.

--Boundary_(ID_0yzVFwlz6nDR/0MiDwDH7A)
Content-type: TEXT/PLAIN; charset=US-ASCII

Its came to my attention that there is a buffer overflow bug in
sperl5.003 that will allow local users gain root access, if SUID root.
The exploit and bug was made and brought to my attention by Willy Tarreau
(tarreau@aemiaif.ibp.fr).
Attached is the source for the exploit. Since it requires some work to
be done to the compiled exploit (Stripping of 5 byte at the begining and
end of the binary), the precompiled Linux x86 exploit can be found at
http://www.ecst.csuchico.edu/~jtmurphy/localusers.html.

PS. Have a nice a day.

-- ---------------------------------------------------------------------------- Jason T. Murphy | Finger for PGP Public Key | jtmurphy@ecst.csuchico.edu The Linux Security Home Page -> http://www.ecst.csuchico.edu/~jtmurphy Security buff, Linux Freak, PC Tech @ Chico State, and all around nice guy.

--Boundary_(ID_0yzVFwlz6nDR/0MiDwDH7A) Content-id: <Pine.LNX.3.96.970417141109.24662B@cray1.ecst.csuchico.edu> Content-type: APPLICATION/octet-stream; name=sperlexp.tgz Content-description: Content-disposition: ATTACHMENT; FILENAME=sperlexp.tgz Content-transfer-encoding: BASE64

H4sIAFcBVTMAA+1a3W7bRhb2rWf3IY6VdCW5FEXq17Wboq5joNk2sRHL6AZt kY7IkTQIf7TDoSyi6GKBvepF36WPsBd7tcA+xD7G3u05Q0p2ksJuCltG0PkS WyJneOZwZr7znUMzmwsVtbfuFNDzhkMftgBgOOybT7/XM58VPIBBt9PveF7f G2Cr7/e7W9C/W7dK5JnmCmALfyvB82v6CZVtwqHNIjPrr1XBo8g1B7c/hu95 w/416z/sDsr194eDbh/3gt8ddAZb4N2+K2/jd77+D3baY5m0dZDN2APQMwHZ TEQRJDwWIDOYyoVIYFxAXQSzFFoJuK5bB56EEOPUwViAWPJARwUMIZhxlcFM KOGgsVRBkeZ1NDbjCwE6hTgN5aQoR9E8eAVjngmYYEc6Vf/y+LAOMsm0ygMt 0wS/UwOaytJcBdhDLEXg8r1B3cWTL9IcAp5AkM4LaOeZMnciQxqpreO5cVLl iTmg82Ra8NCF0YzrOt5bmlLn1GXm3mqn6MDZMTw+gWcnIzjHr6PPn5zB6ASO nh8efQGHcPbibHT81IHPzkfw5/OzEbWNjvHzxcn587NvduhfjWVCw4JH8AgD 2dBjFzMZCWg8pFMfg9/pec1ywJEqZDIFamBr/w0H+67ndeE7t63m2rQfBFyD uXvsc7Bainp5xax+4LZFNgeMn9+xT2nsDz9kIgnZzetf8v/58eHjp8d3tceQ /4OBdw3/O70V/4fdYQdbO37Xt/zfBI5mAnmIPFUw53pmyFhtwSXCgXweco2h QFdshCxQEnflVckgpjFimtQu0ZI4nwgRAgcKLERIatUzDCjl5S6cmOhgCFxe CTFPcjRZuOwkgbiADixwyjEOZA6sWeEbVl+SxKEriRi5FhmOp9JUVyGMa4b8 67qMjdBtwbNCYMC64MVr/uB/PMxkPMcQpos5RpmYvxJ1F55QjDiN8mnrWes0 wsv2W03GHqdJHa2kShXAx2muzaTUMjGNRaK5iVsTnke6RgGwNiHum2CKgQai NJnWIBZZxqcic8kxtKKwR6piDA+ZTDDMXcZHdE6JCyW1xiC8w9hXEucHRuVW Zazas59yEUsuJ64cz92J+hWsv0TJ/6d4x+Tp3ewx4n/vGv73r+h/x+8T/4de 1/J/E0DC7QNpBynNSmDYtvtaSshYEAme7LNtFUNrsu6/66aw+zcUYCUYe2CA ujxCocf9tLbmvJkGIPf2AXi2N4DWeN0NVuKOJojjyILyUqRAnC5KWvRhIhWy mDr0IeKUgRTE/AuJwYsD2uFITBFKjexrjAVfNNHeE5irdCHDiltlNkF5islK yFkaJ09CXGNNtmfpBQUWpPkrpCnd1TvCMPWdmHg/KPmPC+oGdzbGDfzvdHqX /B/2u8T/Tqdv+b8JtHdvDW3W3gU44lGQR5QyXMrYPJWJFooS03yV76O0ISen iscunBnZQ76FqchIXqEytiAyYxZQYLERYHKi0hjSRKyuJPbyJMWBFCX3a36T 3JocwDHHlTEldK4SzEpKNyjzwOoF1zVcRQ9TEPAgyBUPCioTBKDAz1HjKVFI sMfasyrQTEi3MeFIcSD8xFuozAZpgim7SPAnvOomFjeU81eojGFnzWVCDRwn S5kkIp3g+VC48BVXpmlnx3hUer++GarCzJStjJkoy5OCDEidQa+KkFSVoCOe Q3kJxTaMUOQp+lvHWoG6l85h6rM2tqqx5pT/lLOkpguTMeVjjdOEobjySKdX CzuBMyOoeiTPK2PSOJDpECfVfdeAukZl7Hbw24yVadgvG7tFOrEHyIsox139 MU6aTN3ZJ4xllGMGuBsjiUSYClzaeaMJ3zOAly95Fr982cAMM11E8AG2OB8I voRa84D9wFiMewwaSEVaxMAx5Trs7tKKlgYoPUUVzOSUdhZefoAnqX8oAh49 8uiQzkygQRY+8ZtVC9eppFOLr/1vm1UvvPzRyr2W6UYNE8pmReNP5FvP8Z1y NzSvbfrhPdDR9xWl/mMyd3/67/e6w3X93xl4Rv+79vnfRnCLAWt3F0mMEnWp 7KuyGkvLKINVrVw+UkzyeIx6iKpj5MmFzwoMJqZyNqpNtqiFpNdb9nxo1A/r TbiYSUwEsOJQGCbSJMxQzhLSMMowIjg6PSeNqWHgBBEsa1TFk6UgzaOwlMax oAeaQlNCgl1xXeHZySk0vOVHXtOBsfESB6XoiPpGqYXJSf6aY3QiW3MUSc3H ERUS5rlIhuW7Ng8YjL6JSAQmFUjXD0xoSPP4AC8/TIoLXjhQe/LsCI6P/lJb Zz2YSdBwVH+sTqETybTMaigZqGfoOd6FxArGIWPkwYSShmrCx4onwUxkq4c1 sQxDdBRnmfITZ5WgmKcfpP/UB8XfJVvst+kgu80dhKL3i6pH0nWdclGTrISH 8suGfEOT5IFslfOPC5hrMtCgbdU8AMAMoNovJOGoXEupG97vQ3iq+q8qve9m jJue//hDbxX/+/2eef7T92z83wi2MVWkne9gOGXbS6QOJowO/rDteZ7NwHyL BAcxXjpfY6fW8Fu2zUOTHjp+52q38tsYvxmjIdoJqgMeOb7Ptomm3nLPY9v3 fd8WJa7wH0vauxnjJv5D9fefbr8zMLHA79i//24IP/7X/+fpT988/N8//vXH 07Mf//3zH/7z9/v2yWJzeO39j6lIhJK3Xgje9P5Hf9i78v5Pj1p9r2P5vwlc ff/j8r2Fj/befm3BW7220Erg+enIvJYA++zh7q95T4HewLjmPYUrb0y8PXSn t5mhcZg3h+7t3eXQ9732FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYW FhYWFhYWFhYW7yf+D4S0HUYAUAAA

--Boundary_(ID_0yzVFwlz6nDR/0MiDwDH7A)--

Next message: David Luyer: "Re: Buffer overflow in sperl5.003"
Previous message: David Sacerdote: "PHP/FI command line buffer overflow"
Next in thread: David Luyer: "Re: Buffer overflow in sperl5.003"