Vulnerability Development mailing list archives
RE: Vi buffer overflow
From: "Lord, Steve (ISS London)" <SLord () iss net>
Date: Fri, 9 Nov 2001 04:58:06 -0500
Hmmm.... vi is the default editor on a lot of systems, not sure about SCO. However, the default editor is launched by suid programs (e.g crontab - sorry, can't think of anything more useful it's early here ;). Steve Lord Consultant Internet Security Systems -----Original Message----- From: KF To: vuln-dev () security-focus com; recon () snosoft com Sent: 06/11/01 22:22 Subject: Vi buffer overflow Not sure how big of a deal either of these are due to the fact that they are not suid... any thoughts? # vi `perl -e 'print "A" x 9000'` Memory fault - core dumped # du `perl -e 'print "A" x 9000'` Memory fault - core dumped # uname -a SCO_SV scosysv 3.2 5.0.6 i386 -KF
Current thread:
- Re: vi buffer overflow, (continued)
- Re: vi buffer overflow Kaneda Akira (Nov 09)
- Re: vi buffer overflow Emmanuel BENOIT (Nov 09)
- Re: vi buffer overflow Matias Sedalo (Nov 09)
- Re: vi buffer overflow Thomas Graf (Nov 09)
- Re: vi buffer overflow walter valenti (Nov 09)
- Re: vi buffer overflow Piyush Agarwal (Nov 09)
- Re[2]: vi buffer overflow Greg Wirth (Nov 09)
- Re: vi buffer overflow Wichert Akkerman (Nov 09)
- Re: vi buffer overflow Robert Jaroszuk (Nov 09)
- Re: vi buffer overflow Vasisht Tadigotla (Nov 09)
- Re: vi buffer overflow Emmanuel BENOIT (Nov 09)
- RE: Vi buffer overflow Lord, Steve (ISS London) (Nov 09)
- RE: Vi buffer overflow batz (Nov 09)
- RE: vi buffer overflow Blue Boar (Nov 09)
- RE: vi buffer overflow Piyush Agarwal (Nov 12)
- RE: vi buffer overflow Hubert Pasternak (Nov 12)
- RE: vi buffer overflow Piyush Agarwal (Nov 12)
- Re: vi buffer overflow Kaneda Akira (Nov 09)