Bugtraq mailing list archives

Re: KDE: /usr/bin/kdesud, gid = 0 exploit


From: chmouel () MANDRAKESOFT COM (Chmouel Boudjnah)
Date: Sun, 28 May 2000 23:38:59 +0200


noir <noir () GSU LINUX ORG TR> writes:

/usr/bin/kdesud has DISPLAY environment variable overflow.
tested on Mandrake 7.02 (Air), exploit will get you gid=0

Here is the patch :

--- kdesu/kdesud/kdesud.cpp.chmou       Sun May 28 23:31:28 2000
+++ kdesu/kdesud/kdesud.cpp     Sun May 28 23:31:41 2000
@@ -161,7 +161,8 @@

     struct sockaddr_un addr;
     addr.sun_family = AF_UNIX;
-    strcpy(addr.sun_path, sock.c_str());
+    strncpy(addr.sun_path, sock.c_str(), sizeof(addr.sun_path) - 1);
+    addr.sun_path[sizeof(addr.sun_path) - 1] = 0;
     addrlen = SUN_LEN(&addr);
     if (bind(sockfd, (struct sockaddr *)&addr, addrlen) < 0) {
        xerror("bind(): %s");
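Review bot: The strncpy at the top of this hunk removes the overflow but replaces it with silent truncation: when `sock` is longer than `sun_path`, the daemon now binds to a cut-off socket name instead of failing, so the client looking for the full name will never connect and nothing in the log says why. Suggest rejecting an over-long path before the copy, e.g. `if (sock.length() >= sizeof(addr.sun_path))` followed by the same error path used for the bind() failure below, and only then doing the bounded copy and explicit NUL termination.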


--
MandrakeSoft Inc                http://www.mandrakesoft.com
In travel.                                        --Chmouel


