Re: artsd overflow

From: castongjat_private
Date: Thu Jan 03 2002 - 20:51:24 PST


    On Fri, 4 Jan 2002, Fuska wrote:
    
    > -----BEGIN PGP SIGNED MESSAGE-----
    >
    >
    >   Happy new year.
    >
    >   Take a look at this:
    >
    > r00t:~$ ls -las `which artswrapper` `which artsd`
    > 4 -rwsr-xr-x    1 root     root     4048 Dec 28 22:43 /usr/bin/artswrapper*
    > 120 -rwxr-xr-x  1 root     root   117644 Dec 28 22:43 /usr/bin/artsd*
    >
    >
    > r00t:~$ artsd -m `perl -e 'print "A"x3000'`
    > Segmentation fault
    
    I've found the same thing before, it's a bug in artsd. I get the same thing
    on Slackware 8/current.
    
    artswrapper drops permissions before getting to this.
    
    in arts-0.6.0/arts/soundserver/artswrapper.c (nonrelated bits removed)
    
            /* drop root privileges if running setuid root
               (due to realtime priority stuff) */
            if (geteuid() != getuid())
            {
                    setreuid(-1, getuid());
            }
    
            if(argc == 0)
                    return 1;
            argv[0] = EXECUTE;
            execv(EXECUTE,argv);
            perror(EXECUTE);
            return 1;
    }
    
    -- 
    Jason Castonguay
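
A checked variant of the privilege drop quoted above, as an added example that is not part of the original post or of the aRts source: it tests every return value and confirms the old IDs cannot be regained before it execs. The function name and the exec target taken from argv[1] are assumptions made for this illustration.

```c
/* Added example: permanent, verified privilege drop for a setuid-root wrapper. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper. Returns 0 when the real and effective IDs belong to
   the invoking user and the old ones cannot be restored; -1 on any failure.
   The caller must not exec on -1. */
int drop_privileges_permanently(void)
{
    uid_t uid = getuid(), old_euid = geteuid();
    gid_t gid = getgid(), old_egid = getegid();

    /* Group first: once the uid is dropped we may no longer change gids. */
    if (setregid(gid, gid) != 0)
        return -1;
    /* Passing the real uid explicitly (not -1) also replaces the saved
       set-user-ID on Linux, so the old euid cannot be switched back to. */
    if (setreuid(uid, uid) != 0)
        return -1;

    /* Verify: the IDs are what we asked for... */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* ...and the old privileged IDs cannot be regained. */
    if (old_euid != uid && seteuid(old_euid) == 0)
        return -1;
    if (old_egid != gid && setegid(old_egid) == 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    if (drop_privileges_permanently() != 0) {
        fprintf(stderr, "refusing to exec: privilege drop failed\n");
        return 1;
    }
    if (argc < 2)
        return 1;
    execv(argv[1], argv + 1);   /* exec target is an assumption: argv[1] */
    perror(argv[1]);
    return 1;
}
```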
    


