A possible buffer overflow in libnewt

From: Wu Tao (leptonat_private)
Date: Wed Mar 27 2002 - 22:24:22 PST


    
    Hi!
    When I was debugging my little program which uses
    libnewt, I found a possible buffer overflow in libnewt.
    libnewt is widely used by configuration programs in
    Red Hat. Because no suid program uses libnewt
    in my Red Hat 6.2 environment, it seems this bug can't
    be used to gain root. But if any suid program
    uses libnewt, it is dangerous.
    The following is my patch for libnewt 0.5.33.
    I mailed the author of libnewt about a week ago,
    but I have got no reply.
    
    diff -ur newt-0.50.33/newt.c newt-0.50.33-n/newt.c
    --- newt-0.50.33/newt.c Wed Apr  4 03:33:10 2001
    +++ newt-0.50.33-n/newt.c       Tue Mar 19 21:41:24 
    2002
    @@ -331,6 +331,8 @@
            }
    
            *chptr++ = key;
    +       if(chptr-buf>8)
    +               break;
    
            /* this search should use bsearch(), but when 
    we only look through
               a list of 20 (or so) keymappings, it's probably 
    faster just to
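
Review bot: the added `if(chptr-buf>8)` test uses a hard-coded 8 and runs only after `*chptr++ = key;` has already stored the byte, so the guard is correct only if buf is declared with at least nine elements, and that declaration is not visible in this hunk. If chptr starts at buf, nine bytes are written before the break fires. Suggest tying the limit to the declared size of buf (for example via sizeof if it is a local array) instead of a literal, moving the test ahead of the store so the check reads as "is there room for one more byte", and adding a short comment saying why the loop stops. It is also worth confirming that the code after the loop handles an early break sensibly, since the bytes already collected in buf are then an incomplete key sequence.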
    


