Hi,

Quoting Samy Kamkar [CommPort5] (CommPort5at_private):
> > [elguapo@linux elguapo]$ m4 %x,%x,%x,%x,%x,%x,%x
> > m4: 0,bffff818,4000d2ce,805df78,8048c56,4002e0bc,4014af2c: No such file
> > or directory
> > can anyone think of a situation where this could cause root
> > to be exploited... m4 is not suid to my understanding.

Take a look at some of the threads on other security-related mailing lists; especially about the semi-recent 'man' vulnerabilities; these were based on m4 string format vulnerabilities.

> Since it's not suid by default, you can't gain root from it directly.
> If another program (that is suid) is using it, then you might be able to
> depending on how it's used...also, that's assuming that format string
> bug is actually exploitable. It's only opening that file so I doubt you
> can do any exploitation with it...

Why would 'only opening the file' be a problem?

> Also, testing on my machine (fbsd) I just get:
> m4: %x,%x,%x,%x,%x,%x,%x: No such file or directory

man was definitely vulnerable through this. I think someone thought of some creative use of sendmail as well..

Greets,
Robert

--
Linux Generation
encrypted mail preferred. finger rvdmat_private for my GnuPG/PGP key.
"There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." -- Jeremy Anderson
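The difference between the two quoted transcripts (directives expanded on Linux, echoed literally on FreeBSD) is the classic format-string pattern in an error reporter. The sketch below is an added example, not part of the original message and not m4's source; `report`, `open_error_unsafe` and `open_error_safe` are hypothetical names, and the input string is constructed.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reporter modeled on the "prog: message: strerror" layout
 * seen in the transcript; not m4's real code. Declaring it with
 * __attribute__((format(printf, 4, 5))) would let gcc -Wformat-security
 * flag the unsafe call below at compile time. */
static void report(char *out, size_t n, int errnum, const char *fmt, ...)
{
    va_list ap;
    size_t used;

    snprintf(out, n, "m4: ");
    used = strlen(out);
    va_start(ap, fmt);
    vsnprintf(out + used, n - used, fmt, ap);
    va_end(ap);
    used = strlen(out);
    snprintf(out + used, n - used, ": %s", strerror(errnum));
}

/* BEFORE: the caller-supplied file name is the format string, so each
 * %x in it makes vsnprintf read an argument that was never passed. */
void open_error_unsafe(char *out, size_t n, const char *name)
{
    report(out, n, ENOENT, name);
}

/* AFTER: constant format, file name passed only as data. */
void open_error_safe(char *out, size_t n, const char *name)
{
    report(out, n, ENOENT, "%s", name);
}

int main(void)
{
    char buf[256];
    const char *name = "%x,%x,%x";   /* constructed input, as in the transcript */

    open_error_unsafe(buf, sizeof buf, name);
    printf("unsafe: %s\n", buf);     /* directives replaced by leaked words */
    open_error_safe(buf, sizeof buf, name);
    printf("safe:   %s\n", buf);     /* name echoed literally */
    return 0;
}
```

On a benign file name both functions produce identical output, which is why this kind of bug survives ordinary testing.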
This archive was generated by hypermail 2b30 : Wed Jun 27 2001 - 10:52:07 PDT