
65
66     execle(argv[1], argv[2], NULL, env);
67
68     return(0);
69 }
The shellcode is found on lines 30 through 36. These lines of code are executed
when the buffer is actually overflowed and start a root-level shell for the attacker. The
setresuid function sets the privileges to root, and then the execve call executes /bin/sh
(Bourne shell).
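The setresuid-then-execve sequence described above is also what a defender can look for. The following is an added example, not code from the original text: it scans Linux auditd SYSCALL records for a non-root login whose process calls setresuid(0,0,0) and then executes a shell. The x86_64 syscall numbers, the allowlist, the shell paths and the sample records (including /usr/local/bin/vulnd) are assumptions constructed for illustration.

```python
import re

# Assumptions (not from the original text): Linux auditd SYSCALL records on
# x86_64, where syscall 117 is setresuid and 59 is execve.
SETRESUID, EXECVE = "117", "59"
SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash", "/usr/bin/bash", "/usr/bin/dash"}
# Programs expected to switch to root and start a shell (site-specific assumption).
EXPECTED = {"/usr/bin/sudo", "/usr/bin/su"}
UNSET_AUID = "4294967295"  # login uid of processes with no login session
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(line):
    """Turn one audit record into a dict of its key=value fields."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}

def find_root_shells(lines):
    """Return (pid, auid, exe) for setresuid(0,0,0) followed by a shell execve."""
    pending = {}  # pid -> executable that called setresuid(0,0,0)
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec.get("type") != "SYSCALL" or rec.get("success") != "yes":
            continue
        pid, auid = rec.get("pid"), rec.get("auid")
        if auid in (None, "0", UNSET_AUID):
            continue  # root logins and daemons are out of scope here
        if rec.get("syscall") == SETRESUID:
            to_root = all(rec.get(a) == "0" for a in ("a0", "a1", "a2"))
            if to_root and rec.get("exe") not in EXPECTED:
                pending[pid] = rec.get("exe")
        elif rec.get("syscall") == EXECVE and pid in pending:
            if rec.get("exe") in SHELLS:
                alerts.append((pid, auid, pending[pid]))
            del pending[pid]  # the process image changed; stop tracking it
    return alerts

# Constructed sample records: a hypothetical setuid program, then a normal sudo.
SAMPLE = [
    'type=SYSCALL msg=audit(1700000000.101:401): arch=c000003e syscall=117 success=yes exit=0 a0=0 a1=0 a2=0 pid=4242 auid=1000 uid=0 euid=0 comm="vulnd" exe="/usr/local/bin/vulnd"',
    'type=SYSCALL msg=audit(1700000000.102:402): arch=c000003e syscall=59 success=yes exit=0 a0=7ffd0 a1=0 a2=0 pid=4242 auid=1000 uid=0 euid=0 comm="sh" exe="/usr/bin/dash"',
    'type=SYSCALL msg=audit(1700000050.201:410): arch=c000003e syscall=117 success=yes exit=0 a0=0 a1=0 a2=0 pid=5000 auid=1000 uid=0 euid=0 comm="sudo" exe="/usr/bin/sudo"',
    'type=SYSCALL msg=audit(1700000050.202:411): arch=c000003e syscall=59 success=yes exit=0 a0=55d10 a1=0 a2=0 pid=5000 auid=1000 uid=0 euid=0 comm="bash" exe="/usr/bin/bash"',
]

if __name__ == "__main__":
    for pid, auid, exe in find_root_shells(SAMPLE):
        print(f"pid {pid} (login uid {auid}): {exe} set uid 0 and spawned a shell")
```

The check keys on auid (the login uid) because it stays fixed for the session after the process's real and effective UIDs have been changed.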
Conclusion
Vulnerabilities can often be found in libraries that are used by a variety of applications.
A critical vulnerability in a library exposes every application that uses it, so that
even if one vulnerable application isn’t present on a system, another can be exploited.
Day by day, these vulnerabilities are more likely ...