Bugtraq mailing list archives
Cidentd
From: jackal () HACK GR (Jackal)
Date: Sat, 10 Jan 1998 14:32:44 +0200
I'm sorry if this is already known, but I'm new to Bugtraq. I've been using cidentd for quite a long time and I have never had any problems. But while I was looking in the code I found something interesting. The buffers cident uses for reading from /etc/cident.users and ~/.authlie are all 1024 bytes long. So, as a normal user, I created a ~/.authlie with a single line like this:

user xxxx......xxxxx (1024 times)

And something not so unexpected happened... Cidentd would core dump... I'm not too good at making buffer overflow exploits, but I believe that xxx could be replaced with some shell code like making a suid shell in /tmp.

Jackal/XTC
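Added example, not part of the original post and not cidentd's code: a bounded line reader for a user-controlled file such as ~/.authlie, which rejects an overlong line instead of writing past a 1024-byte buffer. The post does not show how cidentd reads the file, so read_config_line, scan_sample and the status names are hypothetical, and the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define LINE_BUF 1024  /* buffer size named in the post */
enum { LINE_OK, LINE_EOF, LINE_TOO_LONG };

/* Hypothetical helper: read one line into buf without writing past
 * buf[size-1]. A line that does not fit is drained to its newline and
 * rejected, so the next call starts on a real line boundary. */
int read_config_line(FILE *fp, char *buf, size_t size)
{
    size_t n = 0;
    int c, too_long = 0;
    if (size == 0) return LINE_TOO_LONG;
    while ((c = fgetc(fp)) != EOF && c != '\n') {
        if (n + 1 < size)
            buf[n++] = (char)c;   /* always leaves room for the NUL */
        else
            too_long = 1;         /* keep draining, store nothing */
    }
    buf[n] = '\0';
    if (c == EOF && n == 0 && !too_long)
        return LINE_EOF;
    return too_long ? LINE_TOO_LONG : LINE_OK;
}

/* Constructed input: "user " + xs 'x' characters, then a normal line.
 * Returns the status of the first line; the second line goes to next. */
int scan_sample(size_t xs, char *next, size_t next_size)
{
    char buf[LINE_BUF];
    FILE *fp = tmpfile();
    int status;
    if (fp == NULL) return -1;
    fputs("user ", fp);
    while (xs-- > 0)
        fputc('x', fp);
    fputs("\nuser alice\n", fp);
    rewind(fp);
    status = read_config_line(fp, buf, sizeof buf);
    read_config_line(fp, next, next_size);
    fclose(fp);
    return status;
}

int main(void)
{
    char next[LINE_BUF];
    int status = scan_sample(1024, next, sizeof next);
    printf("status=%d next=\"%s\"\n", status, next);
    return 0;
}
```

A daemon that gets LINE_TOO_LONG for a per-user file can log it and skip that entry; the line after it is still parsed normally.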