Bugtraq archives for 2nd quarter (Apr-Jun) 1998: Re: buffer overflow in msgchk

Re: buffer overflow in msgchk

Erwin J. van Eijk (eijkhuygens.org)
Wed, 13 May 1998 09:37:16 +0200

jorge> Some time ago it was published in bugtraq that a vulnerability existed in the
jorge> msgchk program, which is installed suid root in redhat 5.0:

jorge> msgchk -host `perl -e 'print "A" x 2000'`

jorge> leads to a segfault, which can be exploited to get root access.

This vulnerability is not present when using mh-6.8.4-6 in RH
5. msgchk ends with

msgchk: argument AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAA (2000 times) too long

Grtz
EJ
--
+--------------------+ There's only one rule:
| Erwin J.  van Eijk |          The golden rule.
| eijkacm.org       | He who owns the gold, rules.
+--------------------+
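The pattern behind the two outcomes in this thread, as an added example that is not MH's msgchk source and not code from either poster: an unbounded copy of the -host value into a fixed-size buffer (the version that segfaults on 2000 bytes) next to a version that measures the argument first and refuses it with an "argument ... too long" diagnostic (the behaviour reported for mh-6.8.4-6). The buffer size HOSTLEN, the function names and the 2000-byte test string are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example; not the real msgchk code. HOSTLEN is an assumed size for
 * the buffer that receives the -host value. */
#define HOSTLEN 256

/* Vulnerable pattern ("before"): the argument is copied into a fixed-size
 * buffer with no length check. Anything longer than HOSTLEN overruns the
 * buffer; a 2000-byte argument smashes the stack frame, which is the
 * segfault jorge reported and, in a setuid-root binary, a root exploit. */
void set_host_unchecked(char host[HOSTLEN], const char *arg)
{
    strcpy(host, arg);              /* no bound: this is the overflow */
}

/* Hardened pattern ("after"): measure first, copy only if it fits, and
 * refuse oversized input with a diagnostic like the one quoted in the
 * reply. Returns 0 when host was set, -1 when the argument was rejected. */
int set_host_checked(char host[HOSTLEN], const char *arg)
{
    size_t len = strlen(arg);
    if (len >= HOSTLEN) {           /* leave room for the terminating NUL */
        fprintf(stderr, "msgchk: argument %.40s%s too long\n",
                arg, len > 40 ? "..." : "");
        return -1;
    }
    memcpy(host, arg, len + 1);     /* len + 1 <= HOSTLEN, cannot overrun */
    return 0;
}

/* Constructed input: the equivalent of perl -e 'print "A" x n'.
 * Caller frees the result. */
char *make_long_arg(size_t n)
{
    char *p = malloc(n + 1);
    if (p == NULL)
        return NULL;
    memset(p, 'A', n);
    p[n] = '\0';
    return p;
}

int main(void)
{
    char host[HOSTLEN];
    char *attack = make_long_arg(2000);
    if (attack == NULL)
        return 1;

    /* Both versions behave identically on a normal hostname, which is
     * why an unbounded copy goes unnoticed until someone feeds it junk. */
    set_host_unchecked(host, "mail.example.org");
    printf("unchecked copy, benign input: %s\n", host);

    /* The checked version refuses the 2000-byte argument instead of
     * crashing; set_host_unchecked is deliberately never called with it. */
    if (set_host_checked(host, attack) != 0)
        puts("checked copy: long argument rejected");

    if (set_host_checked(host, "mail.example.org") == 0)
        printf("checked copy, benign input: %s\n", host);

    free(attack);
    return 0;
}
```

The check rejects at `len >= HOSTLEN`, not `len > HOSTLEN`: the terminating NUL needs its own byte, and an off-by-one here is the classic way a "fixed" version still writes one byte past the buffer.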