> This is my first post to BugTraq > If this is old, I'm sorry. > when playing around with "/usr/bin/write" on Solaris 2.6 x86 , I found something > interesting. > It's buffer overflow bug in "/usr/bin/write" > To ensure, view this command : [snip] > ( Solaris 2.6 and 2.7 maybe .. ) > > bye bye ~ :) Confirmed under Sparc Solaris 2.6. Although I have no source code to verify this, I would assume the problem lies in a sprintf() call (or something similiar) that builds the device to open from the tty you specify on the command line. However, even if this is overflowable into a shell with tty permissions, I can see nothing useful coming out of it. crw--w---- 1 dm tty 24, 0 Mar 9 14:39 pts@0:0 Those are the permissions on the terminal. The most I can see happening is someone writing to my screen when I have messages turned off. Regards, -- Dan Moschuk (TFreak!dmat_private) Senior Systems/Network Administrator Globalserve Communications Inc., a Primus Canada Company "Be different: conform."
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:38:34 PDT