Hi,

smbmount is a linux program to mount NT filesystem shares.

    /usr/sbin/smbmount //a/b /

"/usr/sbin/smbmount must be installed suid root"

Ohhh, that's nice. On my system (RH) it doesn't seem to be, which is probably very lucky! I expect it might be suid on other distributions maybe?

    # export USER=`perl -e 'print "A" x 10000'`
    # /usr/sbin/smbmount //a/b /
    Segmentation fault

The buffer overflowed is on the stack, however it's of the form

    #include <stdlib.h>
    #include <string.h>

    struct a {
        /* .. blah .. */
        char user[32];      /* fixed-size buffer, no length check on the copy */
        /* .. blah .. */
    };

    int main(void)
    {
        struct a a;
        strcpy(a.user, getenv("USER"));   /* overflows user[] when USER is long */
        return 0;
    }

I am interested to know if we can do anything malicious with this, since obviously the function "main" doesn't return and hand control to our overwritten stack frame. The eventual segfault is from within libc.

Can someone enlighten us as to what use an overflow on the stack in function main() is? Aleph? :-)

Cheers
Chris
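The following is an added example, not code from the post above or from smbmount itself. It models the layout the poster describes (a 32-byte user[] inside a struct that main() never returns from) and shows the part of the picture the question is about: the bytes that run past user[] land in whatever fields follow it in the struct, and those fields are consumed later without main() ever returning. The struct name, the want_root flag and the mount_point pointer are assumptions chosen for illustration; the inputs are constructed. The unchecked copy is clamped to the struct's size so the demo itself stays inside the object and does not crash, which is exactly what an unbounded strcpy does to the first few bytes after user[] before it goes on to trample the rest of the frame.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the layout in the post: a fixed-size username
 * buffer followed by fields the program uses later. These names are
 * assumptions for the example, not smbmount's real structure. */
struct mount_opts {
    char        user[32];
    int         want_root;    /* hypothetical flag read after the copy   */
    const char *mount_point;  /* hypothetical pointer read after the copy */
};

static const char DEFAULT_MOUNT_POINT[] = "/mnt/share";

/* Constructed inputs: an ordinary name, and a long one like the
 * perl-generated USER value in the post (60 x 'A'). */
const char SHORT_USER[] = "chris";
const char LONG_USER[]  = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

static void init_opts(struct mount_opts *o)
{
    memset(o, 0, sizeof *o);
    o->want_root   = 0;
    o->mount_point = DEFAULT_MOUNT_POINT;
}

/* Unchecked copy, as strcpy(a.user, getenv("USER")) would do it, except
 * that the write is clamped to the end of the struct so the example stays
 * within the object. Every byte beyond user[] overwrites the neighbouring
 * fields in declaration order. */
static void copy_user_unchecked(struct mount_opts *o, const char *src)
{
    size_t n    = strlen(src) + 1;
    size_t room = sizeof *o - offsetof(struct mount_opts, user);
    if (n > room)
        n = room;
    memcpy((unsigned char *)o + offsetof(struct mount_opts, user), src, n);
}

/* Bounded copy: truncates to 31 characters and always NUL-terminates. */
static void copy_user_checked(struct mount_opts *o, const char *src)
{
    snprintf(o->user, sizeof o->user, "%s", src);
}

/* Value of the flag that follows user[] after copying src into it.
 * With the long input and the unchecked copy this becomes 0x41414141. */
int want_root_after_copy(const char *src, int checked)
{
    struct mount_opts o;
    init_opts(&o);
    if (checked)
        copy_user_checked(&o, src);
    else
        copy_user_unchecked(&o, src);
    return o.want_root;
}

/* 1 if the pointer that follows the flag no longer points at the default
 * (it is never dereferenced here; after the overflow it is not a valid
 * address, which is the kind of thing that ends in a segfault inside libc). */
int mount_point_clobbered(const char *src, int checked)
{
    struct mount_opts o;
    init_opts(&o);
    if (checked)
        copy_user_checked(&o, src);
    else
        copy_user_unchecked(&o, src);
    return o.mount_point != DEFAULT_MOUNT_POINT;
}

int main(void)
{
    printf("unchecked: want_root=0x%x mount_point_clobbered=%d\n",
           (unsigned)want_root_after_copy(LONG_USER, 0),
           mount_point_clobbered(LONG_USER, 0));
    printf("checked:   want_root=0x%x mount_point_clobbered=%d\n",
           (unsigned)want_root_after_copy(LONG_USER, 1),
           mount_point_clobbered(LONG_USER, 1));
    return 0;
}
```

Which fields sit after user[] decides whether the overflow is only a crash or something more: a flag, a length, a file name or a function pointer that the program consults before it finally dies is reachable without a return from main(). Checking that for the real binary means looking at the actual struct, which the post does not show.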
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:50:01 PDT