Bugtraq mailing list archives
smbmount problem?
From: chris () FERRET LMH OX AC UK (Chris Evans)
Date: Tue, 21 Apr 1998 12:05:43 +0100
Hi,

smbmount is a Linux program to mount NT filesystem shares.

    /usr/sbin/smbmount //a/b /
    /usr/sbin/smbmount must be installed suid root

Ohhh, that's nice. On my system (RH) it doesn't seem to be, which is probably very lucky! I expect it might be suid on other distributions maybe?

    # export USER=`perl -e 'print "A" x 10000'`
    # /usr/sbin/smbmount //a/b /
    Segmentation fault

The buffer overflowed is on the stack, however it's of the form

    struct a {
      .. blah ..
      char user[32];
      .. blah ..
    };

    int main()
    {
      struct a;
      strcpy (&a.user, getenv("USER"));
    }

I am interested to know if we can do anything malicious with this, since obviously the function "main" doesn't return and hand control to our overwritten stack frame. The eventual segfault is from within libc.

Can someone enlighten us as to what use an overflow on the stack in function main() is? Aleph? :-)

Cheers
Chris
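
The pattern sketched in the post, with the unbounded strcpy replaced by a length-checked copy. This is an added example, not code from the original message or from smbmount; the struct name conn_info, the helper set_user and the members around user[] are hypothetical stand-ins for the ".. blah .." parts.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define USER_LEN 32            /* size of the field quoted in the post */

/* Hypothetical stand-in for the struct sketched in the post. */
struct conn_info {
    int  flags;                /* placeholder for ".. blah .." */
    char user[USER_LEN];
    int  after;                /* a member declared after user[] */
};

/*
 * Copy an untrusted name into the fixed-size field.
 * Returns 0 on success, -1 if src is NULL, empty, or does not fit.
 * Rejects instead of truncating: in a setuid program a silently
 * shortened user name could end up naming a different account.
 * On rejection the struct is left unmodified.
 */
int set_user(struct conn_info *ci, const char *src)
{
    const char *nul;
    size_t n;

    if (ci == NULL || src == NULL)
        return -1;
    /* Look for the terminator within the first USER_LEN bytes only. */
    nul = memchr(src, '\0', USER_LEN);
    if (nul == NULL || nul == src)   /* too long, or empty */
        return -1;
    n = (size_t)(nul - src);         /* 1 .. USER_LEN-1 */
    memcpy(ci->user, src, n + 1);    /* includes the terminating NUL */
    return 0;
}

int main(void)
{
    struct conn_info ci = {0};

    /* getenv() returns NULL when USER is unset; set_user handles that. */
    if (set_user(&ci, getenv("USER")) != 0) {
        fprintf(stderr, "USER is unset, empty, or longer than %d bytes\n",
                USER_LEN - 1);
        return 1;
    }
    printf("user=%s\n", ci.user);
    return 0;
}
```
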