Vulnerability Development mailing list archives
nonsuid overflows... still at risk?
From: KF <dotslash () snosoft com>
Date: Tue, 05 Jun 2001 12:59:19 -0400
Here are several binaries on SCO that are not suid; however, they seem to have classic overflows... I was wondering if these could be exploited due to the fact that a number of programs call them. vi, pg and more are the binaries in question.

    # SCO_SV frodev 3.2 5.0.6 i386
    # TERM=`perl -e 'print "A" x 7000'`
    # export TERM
    # vi
    Memory fault - core dumped
    # pg
    Memory fault - core dumped
    # more
    Memory fault - core dumped

Perhaps vi is exploitable via a suid program calling it?

    # ls -al /usr/bin/crontab
    lrwxrwxrwx 1 root root 39 Mar 26 08:23 /usr/bin/crontab -> /opt/K/SCO/Unix/5.0.6Ga/usr/bin/crontab
    # ls -al /opt/K/SCO/Unix/5.0.6Ga/usr/bin/crontab
    ---x--s--x 1 bin cron 39940 Jul 28 2000 /opt/K/SCO/Unix/5.0.6Ga/usr/bin/crontab
    # ls core*
    core
    # rm core
    # crontab -e

Note there was no message about it, but there is a new core file.

    # ls core
    core

Input, anyone?

-KF
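Added example, not part of KF's post and not SCO code: one way a set-id parent such as crontab could avoid handing an oversized TERM to the editor it starts, by validating the value and building a minimal child environment instead of inheriting the caller's. The length cap, the allowed character set, the `dumb` fallback, the fixed PATH and the function names are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

#define TERM_MAX 64                 /* assumed cap on a terminal name */
#define FALLBACK_TERM "dumb"        /* assumed safe default */
#define TERM_CHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._+-"

/* 1 if value looks like a terminal name: 1..TERM_MAX bytes, all from TERM_CHARS. */
int term_is_sane(const char *value)
{
    size_t ok;
    if (value == NULL)
        return 0;
    ok = strspn(value, TERM_CHARS); /* length of the leading run of allowed bytes */
    return value[ok] == '\0' && ok >= 1 && ok <= TERM_MAX;
}

/* Fill envp with a fixed PATH and a validated TERM only; nothing else from the
   caller's environment is passed on. Returns the entry count, or -1 on error. */
int build_editor_env(const char *term, char *term_buf, size_t term_buf_len,
                     const char *envp[], size_t envp_len)
{
    const char *t = term_is_sane(term) ? term : FALLBACK_TERM;
    int n;
    if (envp_len < 3)
        return -1;
    n = snprintf(term_buf, term_buf_len, "TERM=%s", t);
    if (n < 0 || (size_t)n >= term_buf_len)
        return -1;                  /* would truncate: refuse rather than guess */
    envp[0] = "PATH=/bin:/usr/bin";
    envp[1] = term_buf;
    envp[2] = NULL;
    return 2;
}

int main(void)
{
    char hostile[7001];             /* constructed input: 7000 'A's, as in the post */
    char term_buf[TERM_MAX + 6];    /* "TERM=" + name + NUL */
    const char *envp[3];

    memset(hostile, 'A', sizeof hostile - 1);
    hostile[sizeof hostile - 1] = '\0';
    if (build_editor_env(hostile, term_buf, sizeof term_buf, envp, 3) < 0)
        return 1;
    printf("%s\n", envp[1]);        /* the editor would be exec'd with this envp */
    return 0;
}
```

This only limits what the privileged parent passes along; the overflow in the editor itself still needs fixing, since a user can run vi, pg or more directly with any TERM.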