Any bug in a piece of code, regardless of use (to some extent), should
also be considered a security risk.

On Tue, 5 Jun 2001, KF wrote:

> Here are several binaries on SCO that are not suid however seem to have
> classic overflows... I was wondering if these could be exploited due to
> the fact that a number of programs calls them. vi pg and more are the
> binaries in question.
>
> # SCO_SV frodev 3.2 5.0.6 i386
> # TERM=`perl -e 'print "A" x 7000'`
> # export TERM
> # vi
> Memory fault - core dumped
> # pg
> Memory fault - core dumped
> # more
> Memory fault - core dumped
>
> Perhaps vi is exploitable via a suid program calling it?
> # ls -al /usr/bin/crontab
> lrwxrwxrwx 1 root root 39 Mar 26 08:23 /usr/bin/crontab -> /opt/K/SCO/Unix/5.0.6Ga/usr/bin/crontab
> # ls -al /opt/K/SCO/Unix/5.0.6Ga/usr/bin/crontab
> ---x--s--x 1 bin cron 39940 Jul 28 2000 /opt/K/SCO/Unix/5.0.6Ga/usr/bin/crontab
>
> # ls core*
> core
> # rm core
> # crontab -e
> note there was no message about it but there is a new core file.
> # ls core
> core
>
> input anyone?
>
> -KF
>

*-------------.................................................
| Andrew R. Reiter
| arrat_private
| "It requires a very unusual mind
|  to undertake the analysis of the obvious" -- A.N. Whitehead
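
An added example, not part of the original thread or of any SCO code: a program that starts an editor on a user's behalf, as `crontab -e` does in the quoted session, can bound and validate `TERM` before the child sees it. The names `term_is_sane` and `term_for_child`, the 64-byte limit, the allowed character set and the `dumb` fallback are all assumptions made for this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TERM_MAX 64            /* assumed buffer size, not from the thread */
#define TERM_FALLBACK "dumb"   /* assumed safe default terminal name */

/* 1 if value is non-empty, at most TERM_MAX-1 bytes, and only [A-Za-z0-9._+-]. */
int term_is_sane(const char *value)
{
    size_t i;

    if (value == NULL || value[0] == '\0')
        return 0;
    for (i = 0; value[i] != '\0'; i++) {
        char c = value[i];
        if (i >= (size_t)(TERM_MAX - 1))
            return 0;                      /* too long: stop scanning here */
        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
              (c >= '0' && c <= '9') || strchr("._+-", c) != NULL))
            return 0;                      /* unexpected byte in a terminal name */
    }
    return 1;
}

/* Copy a checked TERM into dst. Returns 1 if the caller's value was kept,
 * 0 if it was replaced by TERM_FALLBACK or dst has no room at all. */
int term_for_child(const char *value, char *dst, size_t dstlen)
{
    int ok;

    if (dst == NULL || dstlen == 0)
        return 0;
    /* strlen runs only after term_is_sane has bounded the string */
    ok = term_is_sane(value) && strlen(value) < dstlen;
    snprintf(dst, dstlen, "%s", ok ? value : TERM_FALLBACK);
    return ok;
}

int main(void)
{
    char term[TERM_MAX];
    int kept = term_for_child(getenv("TERM"), term, sizeof term);

    /* A privileged caller would place this value in the child's environment. */
    printf("TERM for child: %s (%s)\n", term, kept ? "kept" : "replaced");
    return 0;
}
```
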
This archive was generated by hypermail 2b30 : Wed Jun 06 2001 - 08:12:37 PDT