
Re: [cobalt-developers] *ALERT* UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger Arbitrary Code Execution Vulnerability (fwd)




Attack Scenarios:

  An attacker with local access must determine the memory offsets of the
  program's internal tTdvect variable and the location to which he or she
  wishes to have data written.

  The attacker must craft in architecture specific binary code the
  commands (or 'shellcode') to be executed with higher privilege. The
  attacker must then run the program, using the '-d' flag to overwrite a
  function return address with the location of the supplied shellcode.

Well, that doesn't sound very scary - unless you don't trust your own users. We don't have one user that could write architecture-specific binary code, other than myself and my director of programming.

Out of JALE on this one.
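
Added example, not part of the original message or of the quoted advisory: since the scenario above depends on a local user running sendmail with the '-d' flag, one way to watch for it is to flag non-root sendmail invocations that pass '-d' in process-execution logs. The auditd-style record layout, the sample lines and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
# Constructed auditd records (not from the post); assumes execve auditing is on.
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1000000001.100:501): arch=40000003 syscall=11 success=yes exit=0 uid=0 euid=0 comm="sendmail" exe="/usr/sbin/sendmail"
type=EXECVE msg=audit(1000000001.100:501): argc=3 a0="sendmail" a1="-bd" a2="-q15m"
type=SYSCALL msg=audit(1000000002.200:502): arch=40000003 syscall=11 success=yes exit=0 uid=1004 euid=0 comm="sendmail" exe="/usr/sbin/sendmail"
type=EXECVE msg=audit(1000000002.200:502): argc=2 a0="sendmail" a1="-d0.1"
type=SYSCALL msg=audit(1000000003.300:503): arch=40000003 syscall=11 success=yes exit=0 uid=1007 euid=0 comm="sendmail" exe="/usr/sbin/sendmail"
type=EXECVE msg=audit(1000000003.300:503): argc=3 a0="sendmail" a1="--" a2="-dave@example.com"
'''

EVENT_RE = re.compile(r'^type=(\w+) msg=audit\(([\d.]+:\d+)\): (.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(log_text):
    """Group SYSCALL and EXECVE records that share an audit event ID."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            rtype, event_id, body = m.groups()
            events[event_id][rtype] = {k: v.strip('"') for k, v in FIELD_RE.findall(body)}
    return events

def debug_flag_args(execve):
    """Return argv entries that select sendmail debug mode (-d...)."""
    argv = [execve.get(f"a{i}", "") for i in range(int(execve.get("argc", 0)))]
    hits = []
    for arg in argv[1:]:
        if arg == "--":            # everything after "--" is a recipient
            break
        if arg.startswith("-d"):   # "-bd" (daemon mode) does not match
            hits.append(arg)
    return hits

def find_suspicious(log_text):
    """Flag sendmail runs by non-root users that pass a -d argument."""
    findings = []
    for event_id, recs in sorted(parse_events(log_text).items()):
        sc, ex = recs.get("SYSCALL"), recs.get("EXECVE")
        if not sc or not ex or not sc.get("exe", "").endswith("/sendmail"):
            continue
        hits = debug_flag_args(ex)
        if hits and sc.get("uid") != "0":
            findings.append((event_id, sc.get("uid"), hits))
    return findings

if __name__ == "__main__":
    print(find_suspicious(SAMPLE_LOG))
```

A hit only means a local user asked for debug output, which also has ordinary uses, so each finding is something to triage rather than proof of an attempt.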