Vulnerability Development mailing list archives

Re: chsh Segfault on FreeBSD 3.3

From: wilder () HQ ALERT SK (Pavol Luptak)
Date: Sat, 20 May 2000 15:40:09 +0200


On Fri, May 19, 2000 at 01:57:45PM +0200, Fabio Pietrosanti wrote:

Hi, playing with some suid files on my FreeBSD 3.3 (FreeBSD
bsd01.nonexist.it 3.3-RELEASE FreeBSD 3.3-RELEASE #0: Thu Jan  1
01:49:51
CET 1998     root@:/usr/src/sys/compile/MATRICE  i386 )

i notice thaht chsh return me a Segmentation fault .
where you run chsh it start the $EDITOR and give you a tmp file with :

#Changing user database information for fabio.
Shell: /usr/local/bin/bash
Full Name: Fabio Pietrosanti
Office Location:
Office Phone:
Home Phone:
Other information:


if i delete a line on with information is null( Office Phone or Office
Location in this example) chsh magically crash.


I found this bug 5 months ago, I attach document, where this problem was
exactly described. Look for Brock Tellier and Michal Zalewski reactions
in exploit-development mail archives.

Regards,

Pavol Luptak

-- 
_______________________________________________________________________
[wilder () hq alert sk] [http://hq.alert.sk/~wilder] [talker: ttt.sk 5678] 


<HR NOSHADE>
<UL>
<LI>text/plain attachment: ole_
</UL>

<HR NOSHADE>
<UL>
<LI>application/pgp-signature attachment: stored
</UL>

Current thread:

Re: String checking with PHP, (continued)
- - - Re: String checking with PHP Arturo Busleiman (May 24)
    - Why not a changeling? Daniel Petzen (May 20)
    - Re: Why not a changeling? Bluefish (May 20)
    - Re: Why not a changeling? Daniel Petzen (May 20)
    - Netscape forms using standard windows controls No User (May 21)
    - Re: Netscape forms using standard windows controls Derek Reynolds (May 21)
    - Re: Netscape forms using standard windows controls Pavel Kankovsky (May 22)
    - Re: Netscape forms using standard windows controls Chon-Chon Tang (May 22)
    - Re: Why not a changeling? Bluefish (May 21)
    - TopLayer layer 7 switch Advisory User nawk (May 20)
    - Re: chsh Segfault on FreeBSD 3.3 Pavol Luptak (May 20)
- Re: possible new "e-mail virus" concept ? + bypassing IE settings Taneli Huuskonen (May 19)
- CAU Technologies, Inc. Security Advisory 2000.05.19.001 : Default Syslog Installations Security Advisory (May 19)
- UPDATE on possible new "e-mail virus" concept ? Zoa_Chien (May 19)
  - Re: UPDATE on possible new "e-mail virus" concept ? Jim Paris (May 19)
    - Re: UPDATE on possible new "e-mail virus" concept ? Jon Williams (May 20)
    - Windows IP Fragment Reassembly Vulnerability Masial (May 20)
    - Re: Windows IP Fragment Reassembly Vulnerability Mikael Olsson (May 21)
    - Re: Outlook HTML VBS (demo) Michael Hendy (May 21)
    - Re: Outlook HTML VBS (demo) Masial (May 22)
    - Re: Windows IP Fragment Reassembly Vulnerability Blue Boar (May 21)

(Thread continues...)