Bugtraq mailing list archives

Re: vixie cron possible local root compromise

From: Wolfgang Wieser <wwieser () GMX DE>
Date: Wed, 14 Feb 2001 20:19:28 +0100

Note that the proposed patch...

<       strcpy(User, pw->pw_name);
---

      strncpy(User, pw->pw_name, MAX_UNAME - 1);


does not completely patch the hole. Okay, shellcode
will get cut off, but strncpy() does not '\0'-terninate the
strings but I saw that the rest of the code (notably the
next line strcpy(RealUser, User); ) assumes a
standard '\0'-terninated string.
So, the patch would be

<       strcpy(User, pw->pw_name);
---

      strncpy(User, pw->pw_name, MAX_UNAME - 1);
      User[MAX_UNAME-1]='\0';


wwieser

Current thread:

Re: vixie cron possible local root compromise, (continued)
- - - Re: vixie cron possible local root compromise Valdis Kletnieks (Feb 14)
    - Re: vixie cron possible local root compromise Juergen P. Meier (Feb 15)
    - Re: vixie cron possible local root compromise Nelson Brito (Feb 15)
  - Re: vixie cron possible local root compromise Alan DeKok (Feb 13)
    - Re: vixie cron possible local root compromise gabriel rosenkoetter (Feb 13)
    - Re: vixie cron possible local root compromise Robert Bihlmeyer (Feb 15)
- Re: vixie cron possible local root compromise Kris Kennaway (Feb 13)
- Re: vixie cron possible local root compromise Andrew Brown (Feb 13)
  - Re: vixie cron possible local root compromise Alfred Perlstein (Feb 13)
- Re: vixie cron possible local root compromise Mark van Reijn (Feb 12)
- Re: vixie cron possible local root compromise Wolfgang Wieser (Feb 15)
- Re: vixie cron possible local root compromise Settle, Sean (Feb 15)