Re: Buffer overflow in sperl5.003

David Luyer (luyer@UCS.UWA.EDU.AU)
Fri, 18 Apr 1997 11:12:04 +0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Aleph One: "[NTSEC] ALERT - NT security flaw announcement"
Previous message: Murphy: "Buffer overflow in sperl5.003"
Maybe in reply to: Murphy: "Buffer overflow in sperl5.003"
Next in thread: Jon Lewis: "Re: Buffer overflow in sperl5.003"

On Thu, 17 Apr 1997, Murphy wrote:
> Attached is the source for the exploit. Since it requires some work to
>be done to the compiled exploit (Stripping of 5 byte at the begining and
>end of the binary), the precompiled Linux x86 exploit can be found at
>http://www.ecst.csuchico.edu/~jtmurphy/localusers.html.

Note that the exploit tries offsets of 1170 to 1240. Debian Linux with
sperl5.00307 requires a value of 1169 (and is vulnerable).

David.

Next message: Aleph One: "[NTSEC] ALERT - NT security flaw announcement"
Previous message: Murphy: "Buffer overflow in sperl5.003"
Maybe in reply to: Murphy: "Buffer overflow in sperl5.003"
Next in thread: Jon Lewis: "Re: Buffer overflow in sperl5.003"