Bugtraq mailing list archives

Re: Solaris /usr/lib/exrecover buffer overflow


From: Florian Weimer <Florian.Weimer () RUS UNI-STUTTGART DE>
Date: Thu, 11 Jan 2001 11:54:45 +0100

Pablo Sor <psor () AFIP GOV AR> writes:

> The /usr/lib/exrecover contains a buffer overflow
> (this command is suid in Solaris 2.4/5/6)

This buffer overflow is probably not specific to Solaris, but already
contained in the original AT&T/UCB vi sources.  It seems as if
exrecover never was designed to be installed setuid root.

--
Florian Weimer                    Florian.Weimer () RUS Uni-Stuttgart DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898

