Bugtraq mailing list archives
Re: mc & Segmentation fault
From: sw3wn () CSOFT NET (Sw3)
Date: Sat, 13 Feb 1999 23:49:29 -0400
shaman wrote:
> Some days ago I discovered something. If you export TERM with the name,
> for example, "buqtraq" and start Midnight Commander, you will see
> something like this:
>
> localhost:~$ export TERM="bugtraq"
> localhost:~$ mc
> Unknown terminal: buqtraq
> Check the TERM environment variable.
> Also make sure that the terminal is defined in the terminfo database.
> Alternatively, set the TERMCAP environment variable to the desired
> termcap entry.
>
> But if the TERM name includes over 227 characters you will see
> something different:
>
> localhost:~$ export TERM="bugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraq
> bugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraq
> bugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraq
> bugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraq
> bugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraq
> "
> localhost:~$ mc
> Segmentation fault
> localhost:~$
>
> I don't know if it is interesting and I haven't tried exploiting it,
> but maybe someone.... I have tested it only on Slackware 3.5.

This is clearly a buffer overflow, but not a security compromise, since it's not remotely exploitable nor suid anything. I checked it out, it seems to be a stack overflow, i.e. the program counter is just next to it, quite common. I contacted the authors about it.

--
Julien Nadeau | sw3wn () csoft net
Proof of concept | "A complex solution to a simple problem"
http://poc.csoft.net | [http://www.csoft.net/~sw3wn]
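
Added example, not part of the original posts and not Midnight Commander's code: the thread does not show where the overflow occurs, so this C sketch only contrasts the general pattern behind such a crash (an environment string copied into a fixed stack buffer) with a bounded, validated copy. The function names and the 64-byte limit are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TERM_NAME_MAX 64   /* assumed limit for this example */

/* The unchecked pattern: an environment string of arbitrary length is
 * copied into a fixed-size buffer. Shown for contrast only; nothing
 * below calls it. */
void term_copy_unchecked(char dst[TERM_NAME_MAX], const char *term)
{
    strcpy(dst, term);              /* no length check */
}

/* Bounded copy. Returns 0 and fills dst on success. Returns -1 and
 * leaves dst empty if the name is missing, empty, too long for dst,
 * or contains anything other than printable ASCII without '/'. */
int term_copy_checked(char *dst, size_t dstlen, const char *term)
{
    size_t n;

    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';
    if (term == NULL)
        return -1;
    for (n = 0; term[n] != '\0'; n++) {
        unsigned char c = (unsigned char)term[n];
        if (n + 1 >= dstlen)        /* no room left for the terminator */
            return -1;
        if (c <= 0x20 || c >= 0x7f || c == '/')
            return -1;
    }
    if (n == 0)
        return -1;
    memcpy(dst, term, n + 1);       /* n + 1 <= dstlen is guaranteed here */
    return 0;
}

int main(void)
{
    char name[TERM_NAME_MAX];

    if (term_copy_checked(name, sizeof name, getenv("TERM")) != 0) {
        fputs("TERM is unset or is not a valid terminal name\n", stderr);
        return 1;
    }
    printf("terminal: %s\n", name);
    return 0;
}
```
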