Re: buffer overflow in msgchk

From: Erwin J. van Eijk (eijkat_private)
Date: Wed May 13 1998 - 00:37:16 PDT


    jorge> Some time ago it was published in bugtraq that a vulnerability existed in the
    jorge> msgchk program, which is installed suid root in redhat 5.0:
    
    jorge> msgchk -host `perl -e 'print "A" x 2000'`
    
    jorge> leads to a segfault, which can be exploited to get root access.
    
    This vulnerability is not present when using mh-6.8.4-6 in RH 5.
    msgchk ends with
    
    msgchk: argument AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAA (2000 times) too long
    
    Grtz
    EJ
    --
    +--------------------+ There's only one rule:
    | Erwin J.  van Eijk |          The golden rule.
    | eijkat_private       | He who owns the gold, rules.
    +--------------------+
    


