Bugtraq mailing list archives
[linux-security] so-called snprintf() in db-1.85.4 (fwd)
From: aleph1 () DFW NET (Aleph One)
Date: Wed, 9 Jul 1997 04:39:06 -0500
---------- Forwarded message ---------- Date: Tue, 8 Jul 1997 21:33:55 +0200 From: Thomas Roessler <roessler () guug de> Reply-To: linux-security () redhat com To: linux-security () redhat com Cc: The mutt developpers' list <mutt-dev () cs hmc edu>, gertjan () cs vu nl Subject: [linux-security] so-called snprintf() in db-1.85.4 Resent-Date: 9 Jul 1997 09:01:41 -0000 Resent-From: linux-security () redhat com Resent-cc: recipient list not shown:;@redhat.com Hi, There is a severe problem with the db-1.85.4 library's Linux port that can be found on sunsite.unc.edu under /pub/Linux/libs/db-1.85.4-src.tar.gz (sp?): This library contains a "snprintf" function which breaks down to a common sprintf, ignoring the size parameter. Obviously, this was thought to be a terribly bad work-around for C libraries which don't contain an snprintf routine of their own. The consequences of this bug are obvious: Any program which is linked with libdb.so.1.85.4 and relies on snprintf(3) to do it's bounds checking doesn't have any bounds checking at all. Note that recent linux C libraries contain an snprintf(3) function of their own which does it's job properly. Thus, the fix is to simply remove snprintf.o from libdb. tlr -- Thomas Roessler · 74a353cc0b19 · dg1ktr · http://home.pages.de/~roessler/ 1280/593238E1 · AE 24 38 88 1B 45 E4 C6 03 F5 15 6E 9C CA FD DB
Current thread:
- GetAdmin - Hotfix silent release ?, (continued)
- GetAdmin - Hotfix silent release ? Olivier Gerschel (Jul 16)
- Re: Minor PGP vulnerability Lucky Green (Jul 16)
- CERT Advisory CA-97.21 - SGI Buffer Overflow Vulnerabilities Aleph One (Jul 17)
- slight misinformation in CA-97.21 Dave Kormann (Jul 17)
- msg00234.html brush () SEARCH POL PL (Jul 17)
- CERT Vendor-Initiated Bulletin VB-97.05 - Vul in Lynx Temporary Aleph One (Jul 16)
- Sun Security Bulletin #00146 Aleph One (Jul 16)
- Sun CDE 1.0.1: login bug Isaac (Jul 28)
- Re: Sun CDE 1.0.1: login bug Doug Hughes (Jul 29)
- CERT Vendor-Initiated Bulletin VB-97.06 - Vul in Lynx Downloading Aleph One (Jul 16)
- Re: [linux-security] so-called snprintf() in db-1.85.4 (fwd) Joe Zbiciak (Jul 10)
- A New Fragmentation Attack Aleph One (Jul 10)