1 May 2011 13:28
Re: Insect Pro - Advisory 2011 0428 - Zero Day - Heap Buffer Overflow in xMatters APClient
root <root_ <at> fibertel.com.ar>
2011-05-01 11:28:07 GMT
2011-05-01 11:28:07 GMT
This is not simply wrong, this is medically wrong. On 04/29/2011 12:43 AM, Mario Vilas wrote: > Precisely. The poc triggers the bug by passing a very long command line > argument, so it's assumed the attacker already has executed code. The only > way this is exploitable is if the binary has suid (then the attacker can > elevate privileges) or the command can be executed remotely (and the > attacker additionaly cannot execute any other commands, but can mysteriously > control the arguments). Unless either scenario is researched (and nothing in > the advisory tells me so) I call bullshit. > > On Thu, Apr 28, 2011 at 6:09 PM, <Valdis.Kletnieks <at> vt.edu> wrote: > >> On Thu, 28 Apr 2011 14:40:22 -0300, Mario Vilas said: >> >>> Is the suid bit set on that binary? Otherwise, unless I'm missing >> something >>> it doesn't seem to be exploitable by an attacker... >> >> Who cares? You got code executed on the remote box, that's the *hard* >> part. >> Use that to inject a callback shell or something, use *that* to get >> yourself a shell >> prompt. At that point, download something else that exploits you to root - >> if >> you even *need* to, as quite often the Good Stuff is readable by non-root >> users. >> > >(Continue reading)
RSS Feed