Vulnerability Development mailing list archives
Re: ddd smashed
From: Pavel Kankovsky <peak () argo troja mff cuni cz>
Date: Wed, 16 Jan 2002 02:27:47 +0100 (MET)
On 15 Jan 2002, l0rt wrote:
Program : ddd OS : Linux DISTRO : RedHat 7.1 Issue : 0x41414141 (no core tho) Home Page: http://www.gnu.org/software/ddd/ suid : No sgid : No Issue : ddd may be called by an suid helper binary and could be exploited to gain local root access.
Why the hell would anyone ever want to invoke a *debugger* frontend via a setuid helper?! Anyone stupid enough to do anything like that would create multiple security holes an order of magnitude bigger than this little buffer overflow in ddd! --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation."
Current thread:
- ddd smashed l0rt (Jan 15)
- Re: ddd smashed Pavel Kankovsky (Jan 16)
- Re: ddd smashed l0rt (Jan 16)
- Re: ddd smashed Pavel Kankovsky (Jan 16)
- Re: ddd smashed l0rtamus Prime (Jan 16)
- Re: ddd smashed l0rt (Jan 16)
- Re: ddd smashed Pavel Kankovsky (Jan 16)