dtlogin (CDE) arbitrary free exploit v1.44 Vulnerability exploited: CAN-2004-0368 - BID-9958 Category: Exploits/Remote Exploits an arbitrary free vulnerability in dtlogin service This exploit uses an arbitrary free vulnerability in dtlogin service in CDE on Solaris to overwrite the entire stack with pointers to the code for a level0 agent. It has a first stage where it (hopefully) fills all holes in the heap of the target process (abusing a bug in libXdmcp), and then it enters a loop, where, with 7 UDP packets per address, it fills the stack with valid pointers, which are supplied by dtlogin itself. Supported Systems: Solaris 9 (sun4u) Solaris 7 (sun4m) Solaris 8 (sun4m) This module is included in the latest version of CORE IMPACT, the first automated comprehensive penetration testing product for accurately identifying information security risks. Click here to learn more about the product.