Re: Security Problems in XMCD 2.1
Theo Van Dinter (felicity kluge.net)
Tue, 26 Nov 1996 16:14:48 -0500
- Next message: Aleph One: "Administratriva"
- Previous message: David J. Meltzer: "Security Problems in XMCD 2.1"
- In reply to: David J. Meltzer: "Security Problems in XMCD 2.1"
- Next in thread: Jim Dennis: "Re: Security Problems in XMCD 2.1"
On Tue, 26 Nov 1996, David J. Meltzer wrote:

> I have obtained the 2.1 release of XMCD and through a cursory
> examination of the code have uncovered another buffer overflow problem
> that appears to be exploitable to gain root access on the system. I have
> not verified that the hole is exploitable, although it definitely exists.
> As I stated before, if you remove the suid bit from xmcd, then you do not
> have to worry about upgrading other than for the new features that have
> been added, whether you can still function xmcd without the suid bit
> varies depending on your system.

On a side tangent, I grabbed the 2.1 binary (since I don't have the motif libraries under Linux...) and installed it. It's not setuid by default...

On a side tangent, the standard rule of thumb is: "If a program doesn't really need SUID/GID, don't give it SUID/GID." ... Doesn't fix the buffer overrun, but it doesn't give the user root either...

--
-----------------------------------------------------------------------------
Theo Van Dinter
www: http://www.kluge.net/~felicity/
Vice-President WPI Lens and Lights
Active Member in SocComm Films
Member of WPI ACM
AME for the Masque B-Term Show

Guillotine operators get severance pay.
-----------------------------------------------------------------------------