Multiple Vendor Locale Subsystem Format String Vulnerability

Multiple Vendor Locale Subsystem Format String Vulnerability

For an in depth conversation of this problem with example code included please see the attched 'Credit' messages.

Warning3@nsfocus.com has contributed an exploit for Solaris machines (he exploited eject) on sparc architecture.

Mariusz Woloszyn <emsi@ipartners.pl> submitted an exploit against su that bypasses Stackguard.

Guido Bakker <guidob@mainnet.nl> has submitted an additional exploit.

zenith parsec <zenith_parsec@the-astronaut.com> submitted an exploit as well.

Warning3 <warning3@mail.com> submitted an exploit against Solaris 2.6/7 Sparc systems with the no-exec stack patch installed.

Doing <jdoing@bigfoot.com> submitted an exploit for RedHat 6.1/6.2/SuSE 6.2.

/data/vulnerabilities/exploits/locale.c
/data/vulnerabilities/exploits/locale-red.c
/data/vulnerabilities/exploits/locale-n.c
/data/vulnerabilities/exploits/zennktb.c
/data/vulnerabilities/exploits/33su.c
/data/vulnerabilities/exploits/loc-expssparc.c
/data/vulnerabilities/exploits/local_nonexec_sun.c
/data/vulnerabilities/exploits/su-exp.c
/data/vulnerabilities/exploits/magik-locale.c