Bugtraq mailing list archives
smbmount problem?
From: chris () FERRET LMH OX AC UK (Chris Evans)
Date: Tue, 21 Apr 1998 12:05:43 +0100
Hi,
smbmount is a linux program to mount NT filesystem shares.
/usr/sbin/smbmount //a/b /
/usr/sbin/smbmount must be installed suid root
Ohhh, that's nice. On my system (RH) it doesn't seem to be, which is
probably very lucky! I expect it might be suid on other distributions
maybe?
# export USER=`perl -e 'print "A" x 10000'`
# /usr/sbin/smbmount //a/b /
Segmentation fault
The buffer overflowed is on the stack, however it's of the form
struct a {
.. blah ..
char user[32];
.. blah ..
};
int
main()
{
struct a;
strcpy (&a.user, getenv("USER"));
}
I am interested to know if we can do anything malicious with this, since
obviously the function "main" doesn't return and hand control to our
overwritten stack frame. The eventual segfault is from within libc.
Can someone enlighten us as to what use an overflow on the stack in
functiom main() is? Aleph? :-)
Cheers
Chris
Current thread:
- NT configuration caution George (Apr 20)
- Re: NT configuration caution seifried () SEIFRIED ORG (Apr 20)
- lastx.c v2.0 Ryan (Apr 19)
- Re: NT configuration caution David LeBlanc (Apr 21)
- Re: NT configuration caution Zacharopoulos Dimitris (Apr 21)
- New IE4 bug w/Active Desktop installed Brian Krahmer (Apr 21)
- Re: New IE4 bug w/Active Desktop installed Max Vision (Apr 21)
- Vulnerability in HP OpenMail David Jones (Apr 21)
- Re: Vulnerability in HP OpenMail Richi Jennings (Apr 23)
- smbmount problem? Chris Evans (Apr 21)
- Re: smbmount problem? Czako Krisztian (Apr 21)
- Re: NT configuration caution David LeBlanc (Apr 21)
- Re: NT configuration caution Tim Newsham (Apr 21)
- hole in Inet Explorer Cacaio Torquato (Nov 04)
- Re: NT configuration caution David LeBlanc (Apr 22)
- Linux possible problem? Kyle McLerren (Apr 22)
- Vulnerability in OpenBSD, FreeBSD-stable lprm. Niall Smart (Apr 22)
- Re: NT configuration caution seifried () SEIFRIED ORG (Apr 20)