Re: ospf_monitor (Solaris 2.5)

[smm () WPI EDU (Seth Michael McGann)]

I can confirm that the version in FreeBSD 2.2.6 is indeed vulnerable, the
stack is smashed and we are root at the time :(.  Fortunately, it is not
executable by anyone but root or group ospf.  I would venture that solaris
x86 is vulnerable.  The exploit is trivial, just change the target in your
favorite local overflow and exec.

On Wed, 21 Oct 1998, Joel Eriksson wrote:

> This looks suspicious:
>
> bash$ ospf_monitor `perl -e 'print "A"x1066'`
> task_get_proto: getprotobyname("ospf") failed, using proto 89
> listening on 0.0.0.0.64527
> Segmentation Fault
>
> bash$ ls -l /usr/bin/ospf_monitor
> -rwsr-xr-x   1 root     other      61892 Sep 17  1997
> /usr/bin/ospf_monitor
>
> Has anyone succeded in exploiting this? It sure looks like a
> bufferoverflow to me..
>
> /Joel Eriksson