Re: Buffer overflow in sperl5.003

David Luyer (luyer@UCS.UWA.EDU.AU)
Fri, 18 Apr 1997 11:12:04 +0800

On Thu, 17 Apr 1997, Murphy wrote:
> Attached is the source for the exploit. Since it requires some work to
>be done to the compiled exploit (Stripping of 5 byte at the begining and
>end of the binary), the precompiled Linux x86 exploit can be found at
>http://www.ecst.csuchico.edu/~jtmurphy/localusers.html.

Note that the exploit tries offsets of 1170 to 1240. Debian Linux with
sperl5.00307 requires a value of 1169 (and is vulnerable).

David.