Vulnerability Development mailing list archives
Re: Buffer overflow in BitchX-75p3 (Local)
From: Nelson Brito <nelson () SECUNET COM BR>
Date: Fri, 18 Feb 2000 10:38:27 -0300
s1gnal_9 wrote:
Tested on Redhat 7.0 A overflow occurs in the HOME environment. HOME=`perl -e '{print "A"x"3620"}'`
A few years ago I found a overflow condition like that. Try to put in your own .ircrc: /nick blablabla And, then, execute BitchX. You'll see a Segmentatio Fault message. But, like you said: "This is not exploitable! Just a reminder to keep all your program like this one non-suid. I have believe it or not ran into admins that had BitchX suid...(yea I could'nt believe it either)." Sem mais, -- Nelson Brito "Windows NT can also be protected from nmap OS detection scans thanks to *Nelson Brito* ..." Trecho do livro "Hack Proofing your Network", página 93
Current thread:
- Buffer overflow in BitchX-75p3 (Local) s1gnal_9 (Feb 19)
- Re: Buffer overflow in BitchX-75p3 (Local) Nelson Brito (Feb 19)
- Re: Buffer overflow in BitchX-75p3 (Local) visi0n (Feb 19)
- Re: Buffer overflow in BitchX-75p3 (Local) Nelson Brito (Feb 19)