On Thursday 29 November 2001 13:13, Izik wrote: > Hello > > i've found buffer overflow in uucp. in BSDi platform's > right now i've checked that on: > ----SNIP----- > buffer overflow is based on command line argv. for ex: > > /usr/bin/uucp `perl -e 'print "A" x 900'` `perl -e 'print "A" x 900'` > `perl -e 'print "A" x 356'` It doesnt seem to work on Slackware 8.0, though.. lucien@Rhoxy:~$ /usr/bin/uucp `perl -e 'print "A" x 90000'` `perl -e 'print "A" x 90000'` `perl -e 'print "A" x 35060'` bash: /usr/bin/uucp: Argument list too long Shorter strings of A ( I just added extra 0's ) just give a "filename too long" lucien@Rhoxy:~$ uucp -v uucp: Taylor UUCP 1.06.1, copyright (C) 1991, 92, 93, 94, 1995 Ian Lance Taylor lucien@Rhoxy:~$ ls -al /usr/bin/uucp -r-sr-xr-x 1 uucp bin 82928 Jun 21 2000 /usr/bin/uucp* > > since uucp is by nature suid. and the ownership is by uucp > i don't see the real profit. what does bother me is that uucp > also got a daemon ... Well, it would confuse logging, for one thing :) And think about situations where someone has a restricted shell .. > > Singed. > izik @ http://www.tty64.org
This archive was generated by hypermail 2b30 : Fri Nov 30 2001 - 13:35:03 PST