I contacted Caldera (SCO) about some local overflows in a few binaries that came default with my install of OpenUnix8... Here is a snippet of the email dialog between us. Due to the lack of access to the machine and lack of a good debugger on the system, I have not had time to put any further research time in. If anyone else has access to this fairly new OS feedback would be appreciated. Sorry for the lack of info on this subject.
-KF

>tiggerat_private wrote:
>
> To: dotslashat_private
>
> Hi,
>
> We've heard that you have found some suid overflows in OU8. In
> particular, su was mentioned. We've fixed several problems with this
> command, but it didn't fully get fixed until OU8 FCS. Are you certain
> that you are not testing this on Beta?

Not unless you mailed me beta media when I purchased it last week. =]

basics of the issues are

/bin/su and /sbin/su are not the same file and they both suffer the same overflow. They differ in size to say the least.

TERM=`perl -e 'print "A" x 7000'` su -
core dump

or

TERMINFO=long string TERM=semilong string su - nobody
core dump

/usr/sbin/reject `perl -e 'print "A" x 7000'`
core dump

/usr/sbin/lpsystem `perl -e 'print "A" x 7000'`
core dump

-KF
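The post does not identify where the affected binaries mishandle these values, so the following is an added example, not code from the post or from Caldera: a general length-and-charset check that a privileged program can apply to TERM and TERMINFO before using them. The function names, the size limits, the allowed character sets and the "dumb" fallback are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TERM_MAX     64    /* assumed cap for a terminal type name */
#define TERMINFO_MAX 1024  /* assumed cap for a terminfo directory path */

/* Copy src into dst only if it is non-empty, fits with its terminator and
 * holds only alphanumerics or bytes listed in extra. Returns 0 on success;
 * on rejection returns -1 and leaves dst as an empty string. */
int copy_checked(char *dst, size_t dstlen, const char *src, const char *extra)
{
    const char *end;
    size_t n, i;
    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    end = memchr(src, '\0', dstlen);   /* inspect at most dstlen bytes */
    if (end == NULL || end == src)
        return -1;                     /* too long for dst, or empty */
    n = (size_t)(end - src);
    for (i = 0; i < n; i++)
        if (!isalnum((unsigned char)src[i]) && strchr(extra, src[i]) == NULL)
            return -1;
    memcpy(dst, src, n + 1);           /* n + 1 <= dstlen is guaranteed here */
    return 0;
}

/* Validate caller-supplied TERM/TERMINFO into fixed buffers of TERM_MAX and
 * TERMINFO_MAX bytes. Returns how many supplied values were rejected. */
int load_term_settings(const char *term_in, const char *terminfo_in,
                       char *term, char *terminfo)
{
    int rejected = 0;
    if (copy_checked(term, TERM_MAX, term_in, "-_+.") != 0) {
        strcpy(term, "dumb");          /* assumed fallback terminal type */
        if (term_in != NULL)
            rejected++;
    }
    if (copy_checked(terminfo, TERMINFO_MAX, terminfo_in, "/-_+.") != 0 && terminfo_in != NULL)
        rejected++;                    /* terminfo stays "": use the system default */
    return rejected;
}

int main(void)
{
    char term[TERM_MAX], terminfo[TERMINFO_MAX];
    int bad = load_term_settings(getenv("TERM"), getenv("TERMINFO"), term, terminfo);
    printf("TERM=%s TERMINFO=%s rejected=%d\n", term, terminfo, bad);
}
```

The same bounded-copy check applies to command-line arguments such as those passed to the other binaries listed in the post.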
This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 21:32:49 PDT