Vulnerability Development mailing list archives
Re: nonsuid overflows... still at risk?
From: "Andrew R. Reiter" <arr () watson org>
Date: Wed, 6 Jun 2001 03:20:00 -0400 (EDT)
Any bug in a piece of code, regardless of use (to some extent), should also be considered a security risk.

On Tue, 5 Jun 2001, KF wrote:

> Here are several binaries on SCO that are not suid however seem to have
> classic overflows... I was wondering if these could be exploited due to
> the fact that a number of programs call them. vi, pg and more are the
> binaries in question.
>
> # SCO_SV frodev 3.2 5.0.6 i386
> # TERM=`perl -e 'print "A" x 7000'`
> # export TERM
> # vi
> Memory fault - core dumped
> # pg
> Memory fault - core dumped
> # more
> Memory fault - core dumped
>
> Perhaps vi is exploitable via a suid program calling it?
>
> # ls -al /usr/bin/crontab
> lrwxrwxrwx 1 root root 39 Mar 26 08:23 /usr/bin/crontab -> /opt/K/SCO/Unix/5.0.6Ga/usr/bin/crontab
> # ls -al /opt/K/SCO/Unix/5.0.6Ga/usr/bin/crontab
> ---x--s--x 1 bin cron 39940 Jul 28 2000 /opt/K/SCO/Unix/5.0.6Ga/usr/bin/crontab
> # ls core*
> core
> # rm core
> # crontab -e
>
> Note there was no message about it but there is a new core file.
>
> # ls core
> core
>
> Input anyone?
> -KF
*-------------.................................................
| Andrew R. Reiter
| arr () fledge watson org
| "It requires a very unusual mind
|   to undertake the analysis of the obvious" -- A.N. Whitehead
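The case raised in the quoted message, a set-id program such as crontab passing the caller's TERM through to an editor, can be closed on the privileged side by validating TERM and handing the child a minimal environment. The following is an added example, not part of the original message and not SCO's code; the names term_is_safe and build_child_env, the 64-byte cap, the "dumb" fallback and the PATH value are all assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define TERM_MAX 64   /* assumed cap; real terminal names are far shorter */

/* Return 1 if v looks like a terminal name: non-empty, at most TERM_MAX
 * bytes, and only [A-Za-z0-9._+-]. Anything else is rejected. */
int term_is_safe(const char *v)
{
    size_t n;
    if (v == NULL || v[0] == '\0')
        return 0;
    for (n = 0; v[n] != '\0'; n++) {
        unsigned char c = (unsigned char)v[n];
        if (n >= TERM_MAX)
            return 0;                 /* too long: stop scanning early */
        if (!isalnum(c) && c != '.' && c != '_' && c != '+' && c != '-')
            return 0;
    }
    return 1;
}

/* Build a minimal environment (env needs room for 3 pointers) for the
 * editor a privileged program is about to run. buf receives "TERM=...".
 * Returns 1 if the caller's TERM was kept, 0 if it was replaced. */
int build_child_env(const char *term, char *buf, size_t buflen, char **env)
{
    int kept = term_is_safe(term);
    snprintf(buf, buflen, "TERM=%s", kept ? term : "dumb");
    env[0] = buf;
    env[1] = "PATH=/bin:/usr/bin";    /* assumed fixed PATH for the child */
    env[2] = NULL;
    return kept;
}

int main(void)
{
    char big[7001], buf[TERM_MAX + 8], *env[3];
    memset(big, 'A', 7000);           /* constructed: 7000-byte TERM as in the post */
    big[7000] = '\0';
    printf("%d %s\n", build_child_env(big, buf, sizeof buf, env), env[0]);
    printf("%d %s\n", build_child_env("vt100", buf, sizeof buf, env), env[0]);
    return 0;   /* a privileged caller would now execve(editor, argv, env) */
}
```

This only limits what the privileged caller passes on; the overflow in the editor itself still needs fixing.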