CVE-1999-0767
published 1999-09-08CVE-1999-0767: Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable.
PriorityP420high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
1.20%
64.3th percentile
Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sun | solaris | — | — |
| sun | solaris | — | — |
| sun | sunos | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
IBM AIX 4.2.1 / Sun Solaris 7.0 - LC_MESSAGES libc Buffer Overflow (5)
exploitdb·1999-05-22
CVE-1999-0767 IBM AIX 4.2.1 / Sun Solaris 7.0 - LC_MESSAGES libc Buffer Overflow (5)
IBM AIX 4.2.1 / Sun Solaris 7.0 - LC_MESSAGES libc Buffer Overflow (5)
---
/*
source: https://www.securityfocus.com/bid/268/info
A buffer overflow in libc's handling of the LC_MESSAGES environment variable allows a malicious user to exploit any suid root program linked agains libc to obtain root privileges. This problem is found in both IBM's AIX and Sun Microsystem's Solaris. This vulnerability allows local users to gain root privileges.
*/
/*============================================================
ex_lobc.c Overflow Exploits( for Sparc Edition)
The Shadow Penguin Security
(http://base.oc.to:/skyscraper/byte/551)
Written by UNYUN ([email protected])
*/
#define EV "LC_MESSAGES="
#define ADJUST 0
#define OFFSET 5392
#define STARTADR 400
#define NOP 0xa61cc013
#define RETS 600
char x
Exploit-DB
IBM AIX 4.2.1 / Sun Solaris 7.0 - LC_MESSAGES libc Buffer Overflow (1)
exploitdb·1999-05-22
CVE-1999-0767 IBM AIX 4.2.1 / Sun Solaris 7.0 - LC_MESSAGES libc Buffer Overflow (1)
IBM AIX 4.2.1 / Sun Solaris 7.0 - LC_MESSAGES libc Buffer Overflow (1)
---
source: https://www.securityfocus.com/bid/268/info
A buffer overflow in libc's handling of the LC_MESSAGES environment variable allows a malicious user to exploit any suid root program linked agains libc to obtain root privileges. This problem is found in both IBM's AIX and Sun Microsystem's Solaris. This vulnerability allows local users to gain root privileges.
#!/bin/ksh
L=3000
STEP=34
MAX=16000
while [ $L -lt $MAX ]
do
./a.out $L
L=`expr $L + $STEP`
done
Exploit-DB
IBM AIX 4.2.1 / Sun Solaris 7.0 - LC_MESSAGES libc Buffer Overflow (3)
exploitdb·1999-05-22
CVE-1999-0767 IBM AIX 4.2.1 / Sun Solaris 7.0 - LC_MESSAGES libc Buffer Overflow (3)
IBM AIX 4.2.1 / Sun Solaris 7.0 - LC_MESSAGES libc Buffer Overflow (3)
---
/*
source: https://www.securityfocus.com/bid/268/info
A buffer overflow in libc's handling of the LC_MESSAGES environment variable allows a malicious user to exploit any suid root program linked agains libc to obtain root privileges. This problem is found in both IBM's AIX and Sun Microsystem's Solaris. This vulnerability allows local users to gain root privileges.
*/
/*============================================================
ex_lobc.c Overflow Exploits( for Sparc Edition)
The Shadow Penguin Security
(http://base.oc.to:/skyscraper/byte/551)
Written by UNYUN ([email protected])
offsets for 2.7/SPARC: 7144, 7152, 7160, 7168, and more...
offset for 2.6/SPARC: 5392
*/
#define EV "LC_MESSAGES="
#define ADJUST 0
Exploit-DB
IBM AIX 4.2.1 / Sun Solaris 7.0 - LC_MESSAGES libc Buffer Overflow (2)
exploitdb·1999-05-22
CVE-1999-0767 IBM AIX 4.2.1 / Sun Solaris 7.0 - LC_MESSAGES libc Buffer Overflow (2)
IBM AIX 4.2.1 / Sun Solaris 7.0 - LC_MESSAGES libc Buffer Overflow (2)
---
// source: https://www.securityfocus.com/bid/268/info
A buffer overflow in libc's handling of the LC_MESSAGES environment variable allows a malicious user to exploit any suid root program linked agains libc to obtain root privileges. This problem is found in both IBM's AIX and Sun Microsystem's Solaris. This vulnerability allows local users to gain root privileges.
/*
AIX 4.2/4.1 LC_MESSEGAS /usr/sbin/mount exploit by Georgi Guninski
DISCLAIMER
This program is for educational purpose ONLY. Do not use it without
permission.
The usual standard disclaimer applies, especially the fact that Georgi
Guninski
is not liable for any damages caused by direct or indirect use of
the information or functionality provided by
Exploit-DB
IBM AIX 4.2.1 / Sun Solaris 7.0 - LC_MESSAGES libc Buffer Overflow (4)
exploitdb·1999-05-22
CVE-1999-0767 IBM AIX 4.2.1 / Sun Solaris 7.0 - LC_MESSAGES libc Buffer Overflow (4)
IBM AIX 4.2.1 / Sun Solaris 7.0 - LC_MESSAGES libc Buffer Overflow (4)
---
// source: https://www.securityfocus.com/bid/268/info
A buffer overflow in libc's handling of the LC_MESSAGES environment variable allows a malicious user to exploit any suid root program linked agains libc to obtain root privileges. This problem is found in both IBM's AIX and Sun Microsystem's Solaris. This vulnerability allows local users to gain root privileges.
#include
/* arpexp.c
arp overflow proof of concept by [email protected]
shellcode originally written by Cheez Whiz.
tested on x86 solaris 7,8beta
default should work. if not, arg1 = offset. +- by 100's
Except for shellcode, copyright Security-Focus.com, 11/2000
*/
long get_esp() { __asm__("movl %esp,%eax"); }
int main(int ac, char **av)
{
No writeups or analysis indexed.
1999-09-08
Published