Bugtraq mailing list archives
Re: Linux NLSPATH buffer overflow
From: mike () thai oxy pub ro (Mihai Sandu)
Date: Thu, 13 Mar 1997 17:25:35 +0200
On Fri, 14 Feb 1997, Alan Cox wrote:
libc5.4 is immune, RedHat has been shipping the fixed libc5.3.12 for a long time, and all the vendors I had security contacts for were told ages ago. If they haven't fixed it then I'm disappointed with them, they don't have an excuse. That libc5.3.12 unpatched also has other fun bugs with buffer overruns in libc, some in the BSD stuff akin to the BSD bugs in rcmd() etc.

Alan

[squid@arbat squid]$ cat /etc/redhat-release
release 4.0 (Colgate)
[squid@arbat squid]$ uname -a
Linux arbat.ase.ro 2.0.18 #3 Fri Mar 7 11:28:49 EET 1997 i586
[squid@arbat squid]$ id
uid=500(squid) gid=500(squid) groups=100(users),500(squid)
[squid@arbat squid]$ ls -la /lib/libc*
lrwxrwxrwx 1 root root 14 Feb 21 14:52 /lib/libc.so.5 -> libc.so.5.3.12
-rwxr-xr-x 1 root root 705995 Sep 2 1996 /lib/libc.so.5.3.12
lrwxrwxrwx 1 root root 22 Feb 21 14:57 /lib/libcom_err.so -> /lib/libcom_err.so.2.0
lrwxrwxrwx 1 root root 17 Feb 21 14:59 /lib/libcom_err.so.2 -> libcom_err.so.2.0
-rwxr-xr-x 1 root root 5819 Sep 1 1996 /lib/libcom_err.so.2.0

Naaaaahhhh! It won't work.... :(
But what the hell, let's try!

[squid@arbat squid]$ cc -o suex suex.c
[squid@arbat squid]$ ./suex
bash# id
uid=0(root) gid=500(squid) egid=0(root) groups=100(users),500(squid)

Whooops.. it worked :)

So. It works on RedHat 4.0 Colgate with libc v. 5.3.12.

With all my best regards,
Sandu Mihai