Vulnerability Development mailing list archives

potential chage ovf

From: marcys () FREE COM PL (m4rcyS)
Date: Wed, 17 Nov 1999 15:01:24 +0100


I've found that chage (+s, rh 6.1) strcpy()'s lines from /etc/passwd.
I've no sources by my hand but I think there's possibility to overflow
chage with the GECOS field ...

greetz,
____________________________________________________________
                              m4rcyS

                   email: marcys () free com pl, m () sh pl

"I think there is a world market for maybe five computers."
                     - Thomas Watson, chairman of IBM, 1943
------------------------------------------------------------

Current thread:

MS Outlook javascript parsing bug Mikael Olsson (Nov 09)
- Open Port on Win98 box tschweikle () FIDUCIA DE (Nov 10)
  - Re: Open Port on Win98 box Marc Esipovich (Nov 09)
    - Re: Open Port on Win98 box Marc Esipovich (Nov 09)
    - Re: Open Port on Win98 box Mike Bush (Nov 13)
  - Re: Open Port on Win98 box Blue Boar (Nov 10)
    - Re: Open Port on Win98 box Dragos Ruiu (Nov 10)
    - minor (?) mc bug m4rcyS (Nov 10)
    - Re: minor (?) mc bug Blue Boar (Nov 13)
    - potential chage ovf m4rcyS (Nov 17)
- Re: MS Outlook javascript parsing bug Mikael Olsson (Nov 10)
- <Possible follow-ups>
- Re: MS Outlook javascript parsing bug Reed, David (Nov 10)