help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cfengine rsa heap remote exploit: part of PTjob project (fwd)


From: rader
Subject: Re: cfengine rsa heap remote exploit: part of PTjob project (fwd)
Date: Mon, 21 Feb 2005 08:31:19 -0600

I've got it compiled.  It doesn't break into nor crash 2.1.3 on
redhat 7.3--that's the only pre-2.1.8 version I've got.

Perhaps it only works on 2.1.7p1?

(Had to fix a bug in arg parsing to get it to use the -t 5 crash
mode... should be -t arg code should be (sizeof(targets)/20)+1
instead of sizeof(targets)/28.  Some elements have been removed
from struct targets[]??)

steve
- - -

 > They have the version 2.1.7 coded.  But I don't have a thorough
 > understanding of these exploits.
 > 
 >          { "Redhat 7.3 ", "cfengine 2.1.7p1  ",0x0819f03e , 0x0811a590
 > },
 >          { "redhat 9.0  ", "cfengine 2.1.7p1", **********, ********** },
 >          { "Redhat  7.2  ", "cfengine 2.17p1 ", 0x080d1c78, 0x0806d0e3
 > },
 >          { "Redhat 7.1     ", "cfengine 2.17p1", 0x080d11e0, 0x082bc090
 > },
 > 
 > I am trying to compile it, but I get a ton of warnings.  Has anyone else
 > tried to verify this?




reply via email to

[Prev in Thread] Current Thread [Next in Thread]