Gobbles exploit for ipppd which is part of the isdn4linux-utils package and is part of the default install of many linux distributions. Under Suse 8.0, ipppd is installed suid root but can only be run by users in the group "dialout". The exploit works on a syslog(3) format string problem: syslog(LOG_NOTICE,devstr). This code is normally only reached with a valid device string but if you feed ipppd a devicename that is >= 256 bytes it will merrily proceed to log this string using the faulty syslog(3) call. Subsequently handing over root access to the machine.
e290a9d199b6083a44c4fb80139472fd60f466a8f4698bdd4662f2cdc26abbfdThis exploit was designed as a proof-of-concept application to show how the vulnerable Win32 Messaging System fails to authenticate a source of a message. This particular application was designed to be used against Network Associates VirusScan v4.5.1 running on Win2k Professional. Microsoft VP Jim Allchin stated under oath that there were flaws in Windows so great that they would threaten national security if the Windows source code were to be disclosed. This is the exploitation that was being referenced. Please reference the white paper for more information.
ef99e3104bee25d285a528f0ce8d190cfd20db1a833fe71d8fe25edaea3d71d3This paper presents a new generation of attacks against Microsoft Windows, and possibly other message-based windowing systems. The flaws presented in this paper are, at the time of writing, unfixable. The only reliable solution to these attacks requires functionality that is not present in Windows, as well as efforts on the part of every single Windows software vendor. This paper documents Next-Generation Win32 exploits being based off of fundamental API flaws.
e6db69645f9bab587c9ae93bf6270d1e2f76d72cd700fd1a238cd11736e74682
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed