[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: cfengine rsa heap remote exploit: part of PTjob project (fwd)
From: |
rader |
Subject: |
Re: cfengine rsa heap remote exploit: part of PTjob project (fwd) |
Date: |
Mon, 21 Feb 2005 08:31:19 -0600 |
I've got it compiled. It doesn't break into nor crash 2.1.3 on
redhat 7.3--that's the only pre-2.1.8 version I've got.
Perhaps it only works on 2.1.7p1?
(Had to fix a bug in arg parsing to get it to use the -t 5 crash
mode... should be -t arg code should be (sizeof(targets)/20)+1
instead of sizeof(targets)/28. Some elements have been removed
from struct targets[]??)
steve
- - -
> They have the version 2.1.7 coded. But I don't have a thorough
> understanding of these exploits.
>
> { "Redhat 7.3 ", "cfengine 2.1.7p1 ",0x0819f03e , 0x0811a590
> },
> { "redhat 9.0 ", "cfengine 2.1.7p1", **********, ********** },
> { "Redhat 7.2 ", "cfengine 2.17p1 ", 0x080d1c78, 0x0806d0e3
> },
> { "Redhat 7.1 ", "cfengine 2.17p1", 0x080d11e0, 0x082bc090
> },
>
> I am trying to compile it, but I get a ton of warnings. Has anyone else
> tried to verify this?