Vulnerability Development mailing list archives
Re: Buffer overflow in BitchX-75p3 (Local)
From: visi0n <visi0n () AUX-TECH NET>
Date: Mon, 19 Feb 2001 19:26:39 -0300
There's no reason to leave BitchX suid, not leaving the topic off of the message BitchX 1.0c18 has the same local bof found in BitchX 1.0c17 and prev , so "noc noc anybody home" ? =============================================================================== visi0n AUX Technologies [www.aux-tech.net] On Fri, 18 Feb 2000, Nelson Brito wrote:
s1gnal_9 wrote:Tested on Redhat 7.0 A overflow occurs in the HOME environment. HOME=`perl -e '{print "A"x"3620"}'`A few years ago I found a overflow condition like that. Try to put in your own .ircrc: /nick blablabla And, then, execute BitchX. You'll see a Segmentatio Fault message. But, like you said: "This is not exploitable! Just a reminder to keep all your program like this one non-suid. I have believe it or not ran into admins that had BitchX suid...(yea I could'nt believe it either)." Sem mais, -- Nelson Brito "Windows NT can also be protected from nmap OS detection scans thanks to *Nelson Brito* ..." Trecho do livro "Hack Proofing your Network", p?gina 93
Current thread:
- Buffer overflow in BitchX-75p3 (Local) s1gnal_9 (Feb 19)
- Re: Buffer overflow in BitchX-75p3 (Local) Nelson Brito (Feb 19)
- Re: Buffer overflow in BitchX-75p3 (Local) visi0n (Feb 19)
- Re: Buffer overflow in BitchX-75p3 (Local) Nelson Brito (Feb 19)