Possible root exploit in Linux povray

From: Luke (lukeat_private)
Date: Tue Jul 28 1998 - 20:57:18 PDT

Next message: Brett Glass: "Re: Microsoft Security Bulletin (MS98-008)"

Previous message: Brett Glass: "Re: Microsoft Security Bulletin (MS98-008)"
Next in thread: Dag-Erling Coidan Smørgrav: "Re: Possible root exploit in Linux povray"
Reply: Dag-Erling Coidan Smørgrav: "Re: Possible root exploit in Linux povray"
Reply: James Youngman: "Re: Possible root exploit in Linux povray"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In the official (3.02) release of povray for linux, the s-povray binary
must be installed suid root to function (complains about not being able to
open /dev/console without it).  Giving a large filename:

$ s-povray -I`perl -e "print 'A'x1000"`

results in segfault.  Glancing over the code reveals a lot of strcpy()'s
and strcat()'s.  Dunno, need sleep now, work on exploit later if have time :)

Luke

Next message: Brett Glass: "Re: Microsoft Security Bulletin (MS98-008)"
Previous message: Brett Glass: "Re: Microsoft Security Bulletin (MS98-008)"
Next in thread: Dag-Erling Coidan Smørgrav: "Re: Possible root exploit in Linux povray"
Reply: Dag-Erling Coidan Smørgrav: "Re: Possible root exploit in Linux povray"
Reply: James Youngman: "Re: Possible root exploit in Linux povray"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:09:36 PDT