>when playing around with "/usr/bin/write" on Solaris 2.6 x86, I found something
> interesting.
>It's a buffer overflow bug in "/usr/bin/write"
>To ensure, view this command :
>
>( Solaris 2.6 x86 )
>[loveyou@/user/loveyou/buf]{30}% write loveyou `perl -e 'print "x" x 97'`
>[loveyou@/user/loveyou/buf]write loveyou `perl -e 'print "x" x 97'`
>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>( Solaris 2.6 and 2.7 maybe .. )

This also segfaults under Solaris 2.6 and 7 on SPARC. I'm not sure how
exploitable this is, as it is only sgid tty, which isn't a huge problem
(but could be nonetheless, I suppose).

--
John Riddoch Email: jrat_private Telephone: (01224)262730
Room C4, School of Computer and Mathematical Science
Robert Gordon University, Aberdeen, AB25 1HG
I am Homer of Borg. Resistance is Fu... Ooooh! Donuts!