A method of exploiting the /bin/login overflow on Solaris without
sending any shellcode has been discussed on Bugtraq. Attached is a
script which logs into the remote host as 'bin' and issues the output
of 'cat /etc/passwd'.
This plugin is redundant with plugin #10827, but shows hard proof that
we could log in. Shall I add it to the list of checks ?
-- Renaud
sending any shellcode has been discussed on Bugtraq. Attached is a
script which logs into the remote host as 'bin' and issues the output
of 'cat /etc/passwd'.
This plugin is redundant with plugin #10827, but shows hard proof that
we could log in. Shall I add it to the list of checks ?
-- Renaud