Oracle Solaris SunSSH PAM parse_user

Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow

Posted by deepcore on December 18, 2020 – 1:55 am

This Metasploit module exploits a stack-based buffer overflow in the Solaris PAM library’s username parsing code, as used by the SunSSH daemon when the keyboard-interactive authentication method is specified. Tested against SunSSH 1.1.5 on Solaris 10u11 1/13 (x86) in VirtualBox, VMware Fusion, and VMware Player. Bare metal untested. Your addresses may vary.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« [webapps] WordPress Plugin Duplicator 1.3.26 – Unauthenticated Arbitrary File Read (Metasploit) Library Management System 1.0 SQL Injection »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL