Re: m4 and format strings

From: Samy Kamkar [CommPort5] (CommPort5at_private)
Date: Wed Jun 27 2001 - 00:52:40 PDT

Next message: Jason Spence: "Re: Getting passwords from the heap?"

Previous message: Jarno Huuskonen: "Re: m4 and format strings"
In reply to: KF: "m4 and format strings"
Next in thread: Robert van der Meulen: "Re: m4 and format strings"
Reply: Robert van der Meulen: "Re: m4 and format strings"
Reply: Matt Zimmerman: "Re: m4 and format strings"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> [elguapo@linux elguapo]$ m4 %x,%x,%x,%x,%x,%x,%x
> m4: 0,bffff818,4000d2ce,805df78,8048c56,4002e0bc,4014af2c: No such file
> or directory
> 
> can anyone think of a situation where this could cause root
> to be exploitated... m4 is not suid to my understanding.
> 
> -KF

Since it's not suid by default, you can't gain root from it directly. 
If another program (that is suid) is using it, then you might be able to
depending on how it's used...also, that's assuming that format string
bug is actually exploitable.  It's only opening that file so I doubt you
can do any exploitation with it...

Also, testing on my machine (fbsd) I just get:
m4: %x,%x,%x,%x,%x,%x,%x: No such file or directory

-- 
Samy Kamkar -- (877) 898-1424 -- CommPort5at_private
LucidX.com / pdump.org / LA.pm.org

Next message: Jason Spence: "Re: Getting passwords from the heap?"
Previous message: Jarno Huuskonen: "Re: m4 and format strings"
In reply to: KF: "m4 and format strings"
Next in thread: Robert van der Meulen: "Re: m4 and format strings"
Reply: Robert van der Meulen: "Re: m4 and format strings"
Reply: Matt Zimmerman: "Re: m4 and format strings"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jun 27 2001 - 08:23:23 PDT