ttdbserverd xdr_array() exploit v1.19
Vulnerability exploited: CVE-2002-0391 - BID-5356
Category: Exploits/Remote
Exploits an integer overflow vulnerability in the xdr library through rpc.ttdbserverd. The exploit sends a TT_CREATE_FILE request with an invalid argument specially crafted to trigger an integer overflow. After that it forces the target application (rpc.ttdbserverd) to overwrite the _PROCEDURE_LINKAGE_TABLE_ with a long cushion of NOPs followed by the code of the level0 agent.

The bruteforcing works by incrementing the target address (possible address of the _PROCEDURE_LINKAGE_TABLE_) by the size of the NOP cushion on each try. This is attempted for a maximum of 30 tries, although in our tests no more than 10 tries were ever required.

After successful exploitation a level0 agent will be installed. The process being exploited is usually run as root.
Supported Systems: Solaris 7 (sun4m), Solaris 7 (sun4u), Solaris 8 (sun4u), Solaris 9 (sun4u)
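
The integer overflow class described above, seen from the defender's side: an added example, not code from the xdr library or from this module. It contrasts an unchecked 32-bit size calculation with a checked one inside a small array decoder; the function names, the wire layout (4-byte big-endian count, then fixed-size elements) and the sample values in the comments are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked pattern: the 32-bit product wraps, so a huge element
 * count yields a tiny allocation size (0x40000001 * 4 becomes 4). */
uint32_t unchecked_size(uint32_t count, uint32_t elsize) {
    return count * elsize;
}

/* Checked pattern: refuse counts above the caller's limit or whose
 * byte size cannot be represented in 32 bits. */
bool checked_size(uint32_t count, uint32_t elsize, uint32_t maxcount,
                  uint32_t *out) {
    if (elsize == 0 || count > maxcount || count > UINT32_MAX / elsize)
        return false;
    *out = count * elsize;
    return true;
}

/* Hypothetical decoder (assumed layout): 4-byte big-endian element
 * count followed by count fixed-size elements.
 * Returns a malloc'd copy of the elements, or NULL on rejection. */
void *decode_array(const uint8_t *buf, size_t len, uint32_t elsize,
                   uint32_t maxcount, uint32_t *count_out) {
    uint32_t count, nbytes;
    if (len < 4)
        return NULL;
    count = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
            ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    if (!checked_size(count, elsize, maxcount, &nbytes))
        return NULL;                /* oversized or wrapping count */
    if (nbytes > len - 4)
        return NULL;                /* claims more data than was sent */
    void *out = malloc(nbytes ? nbytes : 1);
    if (out == NULL)
        return NULL;
    memcpy(out, buf + 4, nbytes);
    *count_out = count;
    return out;
}
```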
This module is included in the latest version of CORE IMPACT, the first automated comprehensive penetration testing product for accurately identifying information security risks.