Bugtraq mailing list archives

Re: Babcia Padlina Ltd. security advisory: mars_nwe bu

From: venglin () FREEBSD LUBLIN PL (Przemyslaw Frasunek)
Date: Fri, 3 Sep 1999 18:27:00 +0200


-----BEGIN PGP SIGNED MESSAGE-----

On 02-Sep-99 Taneli Huuskonen wrote:

+  snprintf(command, sizeof(command)-1, "mv %s %s 2>&1 >/dev/null" , oldname,
newname);
   return(system(command));
 }

Without seeing the context, I can't say for sure, but this looks like a
hole big enough to drive a truck through  -  calling system( ) with
user-supplied arguments.  If this code is running with superuser
privileges and shell metacharacters haven't been removed very carefully,
there's going to be a trivial exploit.


oh, i've looked at the code and function that contains that system() isn't ever
used.:)

- ---
* Fido: 2:480/124 ** WWW: FreeBSD.lublin.pl/~venglin ** GSM: +48-601-383657 *
* Inet: venglin () FreeBSD lublin pl ** PGP: D48684904685DF43 EA93AFA13BE170BF *

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQCVAwUBN8/209O5/yfsePq1AQHydQQAjQP1B1/Y5n11dSP3KreHlchiCOmuFPDC
3/SA+nTMrKBidcO/j37Mm/3biy9SkDmSSnn+EdKZwuCMH8BZ4CUrp6CdQzPwBJ8r
oJxcotzFHf3D/ojhhC89PsGfIGJ+L1QJiOuTLFltlJU1eOis8VhIQclT+0eNWVhM
g1sgF/mJaXE=
=SDuc
-----END PGP SIGNATURE-----

Current thread:

Babcia Padlina Ltd. security advisory: mars_nwe buffer overf Przemyslaw Frasunek (Aug 30)
- amd remote root exploit code Taeho Oh (Sep 01)
- Re: Babcia Padlina Ltd. security advisory: mars_nwe buffer Taneli Huuskonen (Sep 01)
  - Re: Babcia Padlina Ltd. security advisory: mars_nwe bu Przemyslaw Frasunek (Sep 03)
- Information on SCO and the Netscape vulnerabilities. Aaron Sigel (Sep 02)