Re: Solaris "/usr/bin/write" bug

From: John Riddoch (jrat_private)
Date: Tue Mar 09 1999 - 09:16:26 PST

    >when playing around with "/usr/bin/write" on Solaris 2.6 x86, I found
    >something interesting.
    >It's a buffer overflow bug in "/usr/bin/write"
    >To ensure, view this command:
    >
    >( Solaris 2.6 x86 )
    >[loveyou@/user/loveyou/buf]{30}% write loveyou `perl -e 'print "x" x 97'`
    >[loveyou@/user/loveyou/buf]write loveyou `perl -e 'print "x" x 97'`
    >xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    >( Solaris 2.6 and 2.7 maybe .. )
    
    This also segfaults under Solaris 2.6 and 7 on SPARC.
    
    I'm not sure how exploitable this is, as it is only sgid tty, which isn't a
    huge problem (but could be nonetheless, I suppose).
    
    --
    John Riddoch	Email: jrat_private	Telephone: (01224)262730
    Room C4, School of Computer and Mathematical Science
    Robert Gordon University, Aberdeen, AB25 1HG
    I am Homer of Borg. Resistance is Fu... Ooooh! Donuts!
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:38:20 PDT