Bugtraq mailing list archives
Re: Security Problems in XMCD 2.1
From: felicity () kluge net (Theo Van Dinter)
Date: Tue, 26 Nov 1996 16:14:48 -0500
On Tue, 26 Nov 1996, David J. Meltzer wrote:
I have obtained the 2.1 release of XMCD and through a cursory examination of the code have uncovered another buffer overflow problem that appear to be exploitable to gain root access on the system. I have not verified that the hole is exploitable, although it definitely exists. As I stated before, if you remove the suid bit from xmcd, then you do not have to worry about upgrading other than for the new features that have been added, whether you can still function xmcd without the suid bit varies depending on your system.
On a side tangent, I grabbed the 2.1 binary (since I don't have the motif libraries under Linux...) and installed it. It's not setuid by default... On a side tangent, the standard rule of thumb is: "If a program doesn't really need SUID/GID, don't give it SUID/GID." ... Doesn't fix the buffer overrun, but it doesn't give the user root either... -- ----------------------------------------------------------------------------- Theo Van Dinter www: http://www.kluge.net/~felicity/ Vice-President WPI Lens and Lights Active Member in SocComm Films Member of WPI ACM AME for the Masque B-Term Show Guillotine operators get severance pay. -----------------------------------------------------------------------------
Current thread:
- A Stupid script., (continued)
- A Stupid script. Aleph One (Nov 24)
- AIX lquerypv Aleph One (Nov 25)
- lquerypv fix Troy Bollinger (Nov 25)
- Security Problems in XMCD David J. Meltzer (Nov 25)
- FreeBSD Security Advisory: FreeBSD-SA-96:18.lpr FreeBSD Security Officer (Nov 25)
- Digital FW2.0 question Peter Dieth (Nov 26)
- Re: Digital FW2.0 question Alan Cox (Nov 27)
- Re: FreeBSD Security Advisory: FreeBSD-SA-96:18.lpr Warner Losh (Nov 26)
- XMCD v2.1 released (was: Security Problems in XMCD) Xmcd Admin (Nov 25)
- Security Problems in XMCD 2.1 David J. Meltzer (Nov 26)
- Re: Security Problems in XMCD 2.1 Theo Van Dinter (Nov 26)
- Re: Security Problems in XMCD 2.1 Jim Dennis (Nov 26)
- Re: Security Problems in XMCD 2.1 Alan Cox (Nov 27)
- Administratriva Aleph One (Nov 26)
- A security issue of a different kind. Alan Brown (Nov 26)
- BOOTP/DHCP security itudps (Nov 26)
- Re: BOOTP/DHCP security Alan Cox (Nov 27)
- Re: A security issue of a different kind. Jon Peatfield (Nov 27)
- Re: A security issue of a different kind. Piete Brooks (Nov 27)
- Major Security Vulnerabilities in Remote CD Databases David J. Meltzer (Nov 26)
- Re: Major Security Vulnerabilities in Remote CD Databases itudps (Nov 26)