Vulnerability Development mailing list archives
Re: Evolution Cores (needs more work)
From: Kev <klmitch () MIT EDU>
Date: Tue, 15 Jan 2002 17:29:42 -0500
> I was doing some testing of env vars (HOME in this case) and managed to get evolution to core.. I set $HOME to 10235 A's as shown below, then tried to execute evolution. When I did that the following happened:
>
> sh-2.04$ export HOME=`perl -e'print "A" x 10235'`
> sh-2.04$ evolution
> Gnome-ERROR **: Could not create per-user Gnome directory <AAAAAA....<snip>
> aborting...
> Aborted (core dumped)
This, combined with the stack trace you show below, indicates that it is very unlikely that this bug can be exploited. If I understand what I'm seeing correctly, Gnome is trusting the HOME environment variable--not a security problem in and of itself, really--and trying to create a directory it can use for per-user information. It doesn't seem to be overflowing the buffer--perhaps it's truncating the file name--but when the directory creation fails, the Gnome library itself crunches out by calling abort(). Although this is bad manners in library code, it doesn't really represent a vulnerability as far as I can see.

--
Kevin L. Mitchell <klmitch () mit edu>
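An added example, not part of the original posts and not Gnome's code: a C sketch of the behaviour the reply would prefer from a library, where an over-long HOME is rejected by a bounded path build or a failed mkdir() and the error goes back to the caller instead of abort(). The names make_user_dir, long_home, USER_DIR_MAX and the ".example-app" directory are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#define USER_DIR_MAX 4096   /* assumed buffer size for this example */

enum dir_status { DIR_OK = 0, DIR_NO_HOME, DIR_TOO_LONG, DIR_MKDIR_FAILED };

/* Hypothetical helper: build "<home>/<subdir>" in out and create it (0700).
 * Every failure is reported to the caller; nothing here calls abort(). */
enum dir_status make_user_dir(const char *home, const char *subdir,
                              char *out, size_t outlen)
{
    if (home == NULL || home[0] == '\0')
        return DIR_NO_HOME;

    /* snprintf never writes past outlen; a return >= outlen means the
     * name did not fit, so refuse rather than use a truncated path. */
    int n = snprintf(out, outlen, "%s/%s", home, subdir);
    if (n < 0 || (size_t)n >= outlen)
        return DIR_TOO_LONG;

    if (mkdir(out, 0700) != 0 && errno != EEXIST)
        return DIR_MKDIR_FAILED;   /* errno holds the reason */
    return DIR_OK;
}

/* Constructed input: a run of 'A' bytes like the HOME value in the report. */
char *long_home(size_t len)
{
    char *s = malloc(len + 1);
    if (s == NULL) return NULL;
    memset(s, 'A', len);
    s[len] = '\0';
    return s;
}

int main(void)
{
    char path[USER_DIR_MAX];
    char *home = long_home(10235);
    if (home == NULL) return 1;
    enum dir_status st = make_user_dir(home, ".example-app", path, sizeof path);
    printf("status=%d\n", (int)st);   /* caller decides how to recover */
    free(home);
    return 0;
}
```

When triaging a crash like the one reported, an "Aborted" (SIGABRT) exit after an explicit error message points to a deliberate abort() of this kind rather than memory corruption.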
Current thread:
- Evolution Cores (needs more work) l0rt (Jan 15)
- Re: Evolution Cores (needs more work) Kev (Jan 15)