[linux-security] Re: Re: so-called snprintf() in db-1.85.4

[aleph1 () DFW NET (Aleph One)]

---------- Forwarded message ----------
Date: Wed, 9 Jul 1997 11:20:08 -0400 (EDT)
From: Illuminati Primus <vermont () gate net>
To: Hal DeVore <hdevore () bmc com>
Cc: Thomas Roessler <roessler () guug de>, linux-security () redhat com
Subject: [linux-security] Re: Re: so-called snprintf() in db-1.85.4

ldd /usr/sbin/sendmail
        libgdbm.so.1 => /lib/libgdbm.so.1
        libdb.so.1 => /usr/lib/libdb.so.1
        libc.so.5 => /lib/libc.so.5

Does this mean that the all occurences of snprintf in my sendmail are now
susceptible to overflows?  Or might the order of the links to the
libraries override libdb's snprintf with the libc version?  I am unsure
about how symbols are loaded from libraries...

[mod: I'd vote "YES", sendmail is vulnerable. Strings on
/usr/sbin/sendmail gives "snprintf", quite close to the string
"libdb.so.2.0.0". The order of the links works as it should when
special libraries (like libdb) can override the default (in libc) -- REW]

Thanks for any info,
-vermont () gate net

On Wed, 9 Jul 1997, Hal DeVore wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
>
>
> roessler () guug de wrote:
> > There is a severe problem with the db-1.85.4 library's Linux port
>
> I just ran nm on my libdb.a and found:
>
> snprintf.o:
> 00000000 t gcc2_compiled.
> 00000000 T snprintf
> 00000014 T vsnprintf
>          U vsprintf
>
> Without looking at the code I'd bet that the vsnprintf function supplied
> in this library similarly turns into a vsprintf.
>
> Hal
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3a
> Charset: noconv
>
> iQCVAwUBM8OG50Zrb8SDJ8hxAQE77wP/a10vOmulKy3hOcG9bqwBA64m7OEejqv7
> 7CiRGcRepHyowVMHvp2P7pITCYohGxpEweljnA4iqHy8WG68No8pK2YOjp7RDLda
> WcS+CvImoLX7gBZK3LBQpmWqtrHfwO/I3QaqfietW93mG0PPrysRGhUNi94+MKB5
> 4SUgslHA42U=
> =AkPG
> -----END PGP SIGNATURE-----