Vulnerability Development mailing list archives
slocate bug.
From: Ehud Tenenbaum <analyzer () 2xss com>
Date: Thu, 14 Feb 2002 10:09:32 +0200
Hey, Its a good time to announce that 2xs security LTD. decided to create a research team in order to focus on finding new bugs, further more we managed to develop a security tool to discover bugs/security flaws. In the near future, the tool itself will became an open source project. slocate (Secure locate) coming with the default installation in redhat linux suid to slocate. bash-2.05$ ls -al /usr/bin/slocate -rwxr-sr-x 1 root slocate 20880 dec 18 2000 /usr/bin/slocate bash-2.05$ slocate -r `perl -e 'print "A" x 65026'` Segmentation fault bash-2.05$ slocate -r `perl -e 'print "A" x 65025'` [...] no segfault [...] We found non exploitble bug which pointed out by KoSak (Cabezon Aur?lien aurelien.cabezon () isecurelabs com) the segfault is due to a null pointer, because regcomp() will return 0 when the buffer is bigger than 65028 bytes -> then, regerr() will be called but the programmer forgot to allocate his errbuf variable, so it is called with errbuf=NULL. (See line 1193, main.c). should anyone have questions or comments you can email us: analyzer () 2xss com izik () 2xss com mixter () 2xss com -- ------------ Ehud Tenenbaum C.T.O & Project Manager 2xs LTD. Tel: 972-9-9519980 Fax: 972-9-9519982 E-Mail: ehud () 2xss com ------------ Have A Safe Day
Current thread:
- slocate bug. Ehud Tenenbaum (Feb 14)
- Re: slocate bug. KF (Feb 14)
- Re: slocate bug. Rodrigo Barbosa (Feb 15)
- Re: slocate bug. Guilherme Mesquita (Feb 15)
- Re: slocate bug. Kurt Seifried (Feb 16)
- Re: slocate bug. Larry W. Cashdollar (Feb 16)
- Re: slocate bug. Kurt Seifried (Feb 16)
- Re: slocate bug. Larry W. Cashdollar (Feb 16)
- Re: slocate bug. Larry W. Cashdollar (Feb 17)
- Re: slocate bug. Rodrigo Barbosa (Feb 21)
- Re: slocate bug. Rodrigo Barbosa (Feb 21)
- Re: slocate bug. Rodrigo Barbosa (Feb 15)
- Re: slocate bug. KF (Feb 14)