Bugtraq mailing list archives
Re: Solaris /usr/lib/exrecover buffer overflow
From: Florian Weimer <Florian.Weimer () RUS UNI-STUTTGART DE>
Date: Thu, 11 Jan 2001 11:54:45 +0100
Pablo Sor <psor () AFIP GOV AR> writes:
The /usr/lib/exrecover contains a buffer overflow (this command is suid in Solaris 2.4/5/6)
This buffer overflow is probably not specific to Solaris, but already contained in the original AT&T/UCB vi sources. It seems as if exrecover never was designed to be installed setuid root. -- Florian Weimer Florian.Weimer () RUS Uni-Stuttgart DE University of Stuttgart http://cert.uni-stuttgart.de/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898
Current thread:
- Solaris /usr/lib/exrecover buffer overflow Pablo Sor (Jan 09)
- Re: Solaris /usr/lib/exrecover buffer overflow Darren J Moffat (Jan 09)
- Re: Solaris /usr/lib/exrecover buffer overflow Florian Weimer (Jan 12)