Vulnerability Development mailing list archives

Re: Vi buffer overflow

From: Jose Nazario <jose () biocserver BIOC cwru edu>
Date: Thu, 8 Nov 2001 22:31:18 -0500 (EST)

On Tue, 6 Nov 2001, KF wrote:

Not sure how big of a deal either of these are due to the fact that
they are not suid... any thoughts?


can you force a filename that is arbitrarily input from a user to someone
with higher or other privilidges? can you target this? that would make in
interesting.

____________________________
jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)

Current thread:

Vi buffer overflow KF (Nov 08)
- Re: Vi buffer overflow Jose Nazario (Nov 08)
- xmalloc buffer overflow? Robert Freeman (Nov 09)
  - Re: xmalloc buffer overflow? dotslash (Nov 09)
    - Re: xmalloc buffer overflow? Gwendolynn ferch Elydyr (Nov 09)
  - Re: xmalloc buffer overflow? Christoph Moench-Tegeder (Nov 09)
  - Re: xmalloc buffer overflow? Syzop (Nov 09)
  - Re: xmalloc buffer overflow? Lucian Hudin (Nov 09)
    - luser beeing able to kill random root owned procs (linux 2.2.20) ? Lucian Hudin (Nov 09)
  - Re: xmalloc buffer overflow? Vasisht Tadigotla (Nov 09)
    - Re: xmalloc buffer overflow? Kev (Nov 09)
- Re: Vi buffer overflow Rob Paisley (Nov 13)

(Thread continues...)