Bugtraq mailing list archives

Solaris 2.4 pop buffer overrun

From: julio.casal () SERVICOM ES (Julio Casal)
Date: Wed, 5 Aug 1998 18:55:05 +0200


An old one I guess known but I never saw it in the list:

Solaris 2.4 popper has an overflow in the username explotaible obviously
as root.
It's also easy to get root's shadow entry in the core dumped just failing to
log as root before overruning the username.

Cheers,
Julio.

Current thread:

Solaris 2.5.1/2.6 fingerd bug Fiji (Aug 05)
- Re: Solaris 2.5.1/2.6 fingerd bug James Garnett (Aug 05)
  - Solaris 2.4 pop buffer overrun Julio Casal (Aug 05)
    - Re: Solaris 2.4 pop buffer overrun Matthew R. Potter (Aug 07)
  - Re: Solaris 2.5.1/2.6 fingerd bug Joseph Moran (Aug 06)
    - Re: Solaris 2.5.1/2.6 fingerd bug Casper Dik (Aug 07)
  - Re: Solaris 2.5.1/2.6 fingerd bug Casper Dik (Aug 06)
    - Re: Solaris 2.5.1/2.6 fingerd bug Matthew R. Potter (Aug 06)
    - ADMsmb security scanner for samba The ADM Crew (Aug 06)
    - Eudora executes (Java) URL Stout, Bill (Aug 07)
    - Re: Eudora executes (Java) URL John D. Hardin (Aug 07)
    - Re: Eudora executes (Java) URL John D. Hardin (Aug 08)
  - IRIX IP Spoofing/TCP Sequence Attack Update SGI Security Coordinator (Aug 06)

(Thread continues...)