As per the bitchx discussion, probably not, unless the /exec -o function can be interjected remotely by outsiders, else it would be at best a self exploit situation. Now, if this /exec -o function can be amassed via tty's or pty's by another user on the system, or some other remote vector, then there is an issue.

Thanks,

Ron DuFresne

On Tue, 1 Jan 2002 SirExar@crazy-horse.net wrote:

> Slackware 8.0
>
> Xchat 1.8.5
>
> When you execute a command using exec -o in xchat, the command is executed
> and the output sent to the current window.
> If you execute a command of a lengthy nature, such as 5000 characters : )
> Xchat seg faults, this could lead to possible buffer overflow problems,
> because the memory address is rewritten.
> I used perl -e 'print "A" x 5000' to cause the fault (/exec -o perl -e
> 'print "A" x 5000') which should produce an EIP of 0x41414141.
> (Hex A)
>
> GNU gdb 5.0
> Copyright 2000 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for details.
> This GDB was configured as "i386-slackware-linux"...
> (gdb) r
> Starting program: /usr/bin/xchat
> [New Thread 1024 (LWP 14486)]
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 1024 (LWP 14486)]
> 0x80993b0 in handle_command (
> cmd=0x41414141 <Address 0x41414141 out of bounds>, sess=0x41414141,
> history=1094795585, nocommand=1094795585) at outbound.c:3390
> 3390 outbound.c: No such file or directory.
> (gdb)
>
>
> I'm not sure if it's exploitable or even a problem but I thought it was
> worth a try.
>
> -exar
>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.
It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart

***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.
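Added illustration, not XChat's code (the report above does not show the source): the kind of /exec -o output path the crash report points at, written the bounded way, so the constructed 5000-character line is handed to the handler in fixed-size chunks instead of overrunning a stack buffer and leaving 0x41414141 in the handler's arguments. LINE_BUF, handle_output_line and exec_stats are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed width of the client's per-line buffer (hypothetical, not XChat's real value). */
#define LINE_BUF 512

struct exec_stats {
    size_t chunks;     /* number of bounded reads the output needed */
    size_t longest;    /* longest chunk handed on, excluding the NUL */
    size_t split;      /* chunks that ended without a newline: an over-long line */
};

/* Stand-in for the command/output handler; it only records what it received. */
static void handle_output_line(const char *line, struct exec_stats *st) {
    size_t n = strlen(line);
    if (n > st->longest) st->longest = n;
}

/* Drain a child's output safely: fgets() never stores more than sizeof(buf) bytes,
 * so an over-long line becomes several chunks rather than a stack overrun. */
struct exec_stats forward_exec_output(FILE *fp) {
    struct exec_stats st = {0, 0, 0};
    char buf[LINE_BUF];
    while (fgets(buf, sizeof buf, fp) != NULL) {
        size_t n = strlen(buf);
        if (n > 0 && buf[n - 1] == '\n') buf[--n] = '\0';
        else st.split++;                 /* line did not fit: it was split */
        st.chunks++;
        handle_output_line(buf, &st);
    }
    return st;
}

/* Constructed stand-in for `perl -e 'print "A" x 5000'` run under /exec -o:
 * 5000 'A's and a newline, served from a temporary file instead of a child. */
struct exec_stats run_constructed_case(void) {
    static char payload[5001];
    struct exec_stats st = {0, 0, 0};
    memset(payload, 'A', 5000);
    payload[5000] = '\n';
    FILE *fp = tmpfile();
    if (fp == NULL) return st;
    fwrite(payload, 1, sizeof payload, fp);
    rewind(fp);
    st = forward_exec_output(fp);
    fclose(fp);
    return st;                           /* chunks=10 longest=511 split=9 */
}

int main(void) {
    struct exec_stats st = run_constructed_case();
    printf("chunks=%zu longest=%zu split=%zu\n", st.chunks, st.longest, st.split);
    return 0;
}
```

Each fgets() call stores at most LINE_BUF-1 characters, so the 5000 'A's arrive as nine full 511-byte chunks and one 401-byte tail; no chunk can ever exceed the buffer the handler is given.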
This archive was generated by hypermail 2b30 : Wed Jan 02 2002 - 10:16:58 PST