about one month ago, I posted here a generic exploit for buffer
overflows on SunOS 4. I didn't find a real bug which could be exploited in
a standard application so my exploit applied only to my own programs.
Now, I succeeded in getting a root shell using the X11 ressource manager
bug ('xterm -xrm xxxxxxxxxxxxxxxxxxx...xxxxxxxxx'), which isn't new, but
demonstrates that my exploit really works.
As I saw, there aren't many buffer overflow exploits for SunOS, perhaps
because of some complications.
My package includes a script which can automatically try several stack
offsets, which could be useful when testing a wrapper in development.
You can retrieve this on my web page:
http://www-miaif.lip6.fr/willy/security/sunos.html
Hope this can help somebody...
Willy Tarreau
-- +---------------+------------------------+----------------------------------+ | Willy Tarreau | tarreau@aemiaif.lip6.fr | http://www-miaif.lip6.fr/willy/ | | Magistere d'Informatique Appliquee de l'Ile de France (MIAIF), promo 97 | | DEA A.S.I.M.E. | Universite Pierre et Marie Curie (Paris 6), FRANCE | +-----------------+---------------------------------------------------------+