Bugtraq mailing list archives
Re: ELM overflow
From: security () home bti pl (security () home bti pl)
Date: Wed, 14 May 1997 15:10:46 +0200
On Tue, 13 May 1997, Wojciech Swieboda wrote:
Hello,
I've lately found an overflow vulnerability in Elm (Elm is setgid
mail on linux, and perhaps on some other platforms aswell). I've tested this
bug on versions 2.3 and 2.4, on 3 different Linux installations.
from Elm 2.3's curses.c:
[...]
char termname[40];
char *strcpy(), *getenv();
if (getenv("TERM") == NULL) return(-1);
if (strcpy(termname, getenv("TERM")) == NULL)
return(-1);
[...]
to patch, change the strcpy line to
if (strncpy(termname, getenv("TERM"), sizeof(termname)) == NULL)
To patch it on Elm 2.4, change:
[...]
if (strcpy(termname, termenv) == NULL)
return (-1);
to:
[...]
if (strncpy(termname, termenv, sizeof(termname)) == NULL)
return (-1);
-Grych
Current thread:
- Yet another WinNuke page., (continued)
- Yet another WinNuke page. Nobody (May 11)
- Re: Linux UID/GID 'Feature' Jim Trocki (May 11)
- Re: Linux UID/GID 'Feature' Jon Lewis (May 11)
- more DoS fun Ghent (May 11)
- Re: Linux UID/GID 'Feature' Andrew G. Morgan (May 11)
- sendmail 8.8.6 Beta release available Jason R Mastaler (May 11)
- New Win95 OOB fix allows Netbios to be used Aaron Weintraub (May 12)
- UPDATE TO OOB FIX Aaron Weintraub (May 12)
- Re: New Win95 OOB fix allows Netbios to be used Ian MacPhedran (May 13)
- UPDATE TO OOB FIX Wojciech Swieboda (May 13)
- Re: ELM overflow security () home bti pl (May 14)
- Re: ELM overflow Michel GAUDET (May 16)
- potential root exploit with help from sam (HP-UX 10.x) David Hyams (May 14)
- Re: potential root exploit with help from sam (HP-UX 10.x) Trevor Schroeder (May 14)
- Sun Security Bulletin #00140 Sun Security Coordination Team (May 14)
- Non-executable stack -- final Linux kernel patch Solar Designer (May 14)
- NT4.0 SP3 Still vulnerable Aaron Spangler (May 15)
- MicroSolved finds hole in Ascom Timeplex Router Security Brent Huston (May 15)