Bugtraq mailing list archives
buffer overflow in dbadmin
From: security () SHELL NACS NET (NACS Security Administrator)
Date: Wed, 7 Oct 1998 23:49:30 -0400
I apologize if this has already been posted, I searched and did not find it. I found a buffer overflow (no exploit code here kiddies) in dbadmin v1.0.1 for linux. Dbadmin is a database administration tool that is run as a CGI to maintain mSQL servers. I am not sure whether it is exploitable or not. Here is the data: The README file indicates that the file needs to be setuid to the owner of mSQL server. It also suggests using a .htaccess file, so only priveledged users will be able to use this to any advantage. Looking at dbadmin.c, we see some interesting tidbits: dbadmin.c: strcpy(op_temp,curField->name); dbadmin.c: strcat(rec_new,curField->name); At a glance, that doesn't look very good. Neither does this: [root@ni dbadmin_v1.0.1]# grep strcat *.c | wc -l 63 [root@ni dbadmin_v1.0.1]# grep strcpy *.c | wc -l 13 This is code from 1996 so if there has probably been a newer release, but I can't seem to find it, or the author. Have a great day. Richard Zack. ------------------------------------------------------------ New Age Consulting Service, Inc. 216-619-2000 root () nacs net richard () nacs net hostmaster () nacs net security () nacs net http://www.nacs.net/~richard ------------------------------------------------------------
Current thread:
- buffer overflow in dbadmin NACS Security Administrator (Oct 07)
- <Possible follow-ups>
- Re: buffer overflow in dbadmin duke (Oct 08)