|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: hipnosis hipnosis (hipnosis_at_softhome.net)
Date: Mon Jan 13 2003 - 13:08:12 CST
('binary' encoding is not supported, stored as-is)
Hi everybody
Though I dont know if this vulnerability has be discovered previously I
found a buffer overflow in the app uucp of SunOS 5.8 that it could be used
to get privileges of uucp.
Buffer is overflow when the app uucp is executed with the parameter -s
continued of a string bigger than 7525 bytes.
hipnosis% uucp -s `perl -e 'print "A"x7526'`
Segmentation Fault
hipnosis% uucp -s `perl -e 'print "A"x7525'`
hipnosis%
I have not been able to debug the app for see if the registers are
overwrites because i have not any debugger in my machine and i have not
too time.
My system:
hipnosis% uname -a
SunOS averroes 5.8 Generic_108528-03 sun4u sparc SUNW,Ultra-250
hipnosis%
Suid:
hipnosis% ls -l /usr/bin/uucp
---s--x--x 1 uucp uucp 66940 eno 5 2000 /usr/bin/uucp
hipnosis%
Well, bye everybody
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]