Bugtraq mailing list archives

Re: Eterm SGID utmp Buffer Overflow (Local)


From: Michael Jennings <mej () kainx org>
Date: Mon, 21 Jan 2002 14:24:37 -0500

On Sunday, 13 January 2002, at 07:57:57 (-0700),
Charles 'core' Stevenson wrote:

> I found this last night looking for suids to overflow.  Tested on
> Debian PowerPC Unstable. Yields gid utmp from which higher
> privileges could be gained with a little effort. I haven't looked
> too close but I think the overflow might be in imlib2.

Imlib2 1.0.5 has been released to fix this bug.  The source tarball
may be downloaded immediately from:

http://prdownloads.sourceforge.net/enlightenment/

The SRPM and i386 binary RPM's may also be downloaded from this
location, and I believe Debian unstable should already have the new
package as of last night's update.

My apologies to PPC users directly affected by this, but Apple has yet
to donate a PowerMac to the cause, so I can't build PPC RPM's.... :-)

Thanks to Mr. Stevenson for locating this problem and for verifying
the fix.

Regards,
Michael

-- 
Michael Jennings (a.k.a. KainX)  http://www.kainx.org/  <mej () kainx org>
n+1, Inc., http://www.nplus1.net/         Author, Eterm (www.eterm.org)
-----------------------------------------------------------------------
 "Sorry, but my karma just ran over your dogma."            -- Unknown

