Vulnerability Development mailing list archives
Re: Buffer overflow in awk
From: Jirka Kosina <jikos () jikos cz>
Date: Wed, 20 Mar 2002 00:04:43 +0100 (CET)
On Mon, 18 Mar 2002, Jeff Fields wrote:
So you are willing to guarentee to us that this awk bug will never be exploitable by an attacker in any circumstance? Cool. Oh wait, that's totally bogus.No. I can guarantee that a person who can pass arbitrary values to awk's -f option controls the account running such an instance of (GNU) awk without having to resort to the buffer overflow being discussed.[xplosive@dr4g0n]~$ echo 'BEGIN {system("id")}' | awk -f /dev/stdin uid=500(xplosive) gid=500(xplosive) groups=500(xplosive) ?
What's unclear about that? If you are somehow able to pass commands to 'awk -f' process running under another user's priviledges, you don't have to bother with that buffer overflow, which of course is a bug to be fixed, but you can simply run any command with that other user's priviledges using awk's system() function. -- JiKos.
Current thread:
- Re: Buffer overflow in awk, (continued)
- Re: Buffer overflow in awk Charles-Edouard Ruault (Mar 15)
- Re: Buffer overflow in awk JW (Mar 26)
- Re: Buffer overflow in awk Jason Stover (Mar 15)
- Re: Buffer overflow in awk wu2ftpd-ovich (Mar 15)
- Re: Buffer overflow in awk Enphourell Security (Mar 19)
- RE: Buffer overflow in awk Mike Batchelder (Mar 15)
- Re: Buffer overflow in awk sekure (Mar 15)
- Re: Buffer overflow in awk Kurt Seifried (Mar 15)
- Re: Buffer overflow in awk Pavel Kankovsky (Mar 17)
- Re: Buffer overflow in awk Jeff Fields (Mar 19)
- Re: Buffer overflow in awk Jirka Kosina (Mar 20)
- Re: Buffer overflow in awk sekure (Mar 15)
- Re: Buffer overflow in awk nilton . gs . sc (Mar 15)
- Re: Buffer overflow in awk Rui Miguel Silva Seabra (Mar 15)
- Re: Buffer overflow in awk Crist J. Clark (Mar 17)
- Re: Buffer overflow in awk Jose Nazario (Mar 18)
- RE: Buffer overflow in awk Hani Mustafa (Mar 24)
- Re: Buffer overflow in awk Elan Hasson (Mar 24)
- Re: Buffer overflow in awk Tim Gerritsen (Mar 24)