Vulnerability Development mailing list archives

RE: Vi buffer overflow

From: "Lord, Steve (ISS London)" <SLord () iss net>
Date: Fri, 9 Nov 2001 04:58:06 -0500

Hmmm.... vi is the default editor on a lot of systems, not sure about SCO.
However, the default editor is launched by suid programs (e.g crontab -
sorry, can't think of anything more useful it's early here ;).

Steve Lord
Consultant
Internet Security Systems

-----Original Message-----
From: KF
To: vuln-dev () security-focus com; recon () snosoft com
Sent: 06/11/01 22:22
Subject: Vi buffer overflow

Not sure how big of a deal either of these are due to the fact that they
are not suid... any thoughts?

# vi `perl -e 'print "A" x 9000'` 
Memory fault - core dumped 

# du `perl -e 'print "A" x 9000'`
Memory fault - core dumped


# uname -a
SCO_SV scosysv 3.2 5.0.6 i386

-KF

Current thread:

Re: vi buffer overflow, (continued)
- Re: vi buffer overflow Kaneda Akira (Nov 09)
  - Re: vi buffer overflow Emmanuel BENOIT (Nov 09)
    - Re: vi buffer overflow Matias Sedalo (Nov 09)
  - Re: vi buffer overflow Thomas Graf (Nov 09)
  - Re: vi buffer overflow walter valenti (Nov 09)
  - Re: vi buffer overflow Piyush Agarwal (Nov 09)
    - Re[2]: vi buffer overflow Greg Wirth (Nov 09)
  - Re: vi buffer overflow Wichert Akkerman (Nov 09)
  - Re: vi buffer overflow Robert Jaroszuk (Nov 09)
  - Re: vi buffer overflow Vasisht Tadigotla (Nov 09)
- RE: Vi buffer overflow Lord, Steve (ISS London) (Nov 09)
  - RE: Vi buffer overflow batz (Nov 09)
- RE: vi buffer overflow Blue Boar (Nov 09)
  - RE: vi buffer overflow Piyush Agarwal (Nov 12)
    - RE: vi buffer overflow Hubert Pasternak (Nov 12)