Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1997_3

Bugtraq archives for 3rd quarter (Jul-Sep) 1997: [linux-security] Re: Re: so-called snprintf() in db-1.85.4

[linux-security] Re: Re: so-called snprintf() in db-1.85.4

Aleph One (aleph1DFW.NET)
Thu, 10 Jul 1997 07:32:06 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Dominick Matthias PN OIL 6: "Re: CERT Advisory CA-97.20 - JavaScript Vulnerability"
Previous message: Aleph One: "[linux-security] Re: so-called snprintf() in db-1.85.4"
Next in thread: Willy TARREAU: "Re: [linux-security] Re: Re: so-called snprintf() in db-1.85.4"

---------- Forwarded message ----------
Date: Wed, 9 Jul 1997 11:20:08 -0400 (EDT)
From: Illuminati Primus <vermontgate.net>
To: Hal DeVore <hdevorebmc.com>
Cc: Thomas Roessler <roesslerguug.de>, linux-securityredhat.com
Subject: [linux-security] Re: Re: so-called snprintf() in db-1.85.4

ldd /usr/sbin/sendmail
        libgdbm.so.1 => /lib/libgdbm.so.1
        libdb.so.1 => /usr/lib/libdb.so.1
        libc.so.5 => /lib/libc.so.5

Does this mean that the all occurences of snprintf in my sendmail are now
susceptible to overflows?  Or might the order of the links to the
libraries override libdb's snprintf with the libc version?  I am unsure
about how symbols are loaded from libraries...

[mod: I'd vote "YES", sendmail is vulnerable. Strings on
/usr/sbin/sendmail gives "snprintf", quite close to the string
"libdb.so.2.0.0". The order of the links works as it should when
special libraries (like libdb) can override the default (in libc) -- REW]

Thanks for any info,
-vermontgate.net

On Wed, 9 Jul 1997, Hal DeVore wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
>
>
> roesslerguug.de wrote:
> > There is a severe problem with the db-1.85.4 library's Linux port
>
> I just ran nm on my libdb.a and found:
>
> snprintf.o:
> 00000000 t gcc2_compiled.
> 00000000 T snprintf
> 00000014 T vsnprintf
>          U vsprintf
>
> Without looking at the code I'd bet that the vsnprintf function supplied
> in this library similarly turns into a vsprintf.
>
> Hal
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3a
> Charset: noconv
>
> iQCVAwUBM8OG50Zrb8SDJ8hxAQE77wP/a10vOmulKy3hOcG9bqwBA64m7OEejqv7
> 7CiRGcRepHyowVMHvp2P7pITCYohGxpEweljnA4iqHy8WG68No8pK2YOjp7RDLda
> WcS+CvImoLX7gBZK3LBQpmWqtrHfwO/I3QaqfietW93mG0PPrysRGhUNi94+MKB5
> 4SUgslHA42U=
> =AkPG
> -----END PGP SIGNATURE-----
>

Next message: Dominick Matthias PN OIL 6: "Re: CERT Advisory CA-97.20 - JavaScript Vulnerability"
Previous message: Aleph One: "[linux-security] Re: so-called snprintf() in db-1.85.4"
Next in thread: Willy TARREAU: "Re: [linux-security] Re: Re: so-called snprintf() in db-1.85.4"