Bugtraq: shotgun-1.1b buffer overflow(s)

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

shotgun-1.1b buffer overflow(s)

From: dube0866 () EUROBRETAGNE FR (PLaGuEZ)
Date: Sat, 1 Jan 1994 13:52:01 +0100


hello,

for those who dont have time to read README files, here is a piece of
advise about a svgalib-based (=suid root) linux file manager called
shotgun (release 1.1b, found on sunsite; is there a newer one ?).

The author writes in this readme file that bound checks are to be
done... Actually, this code badly needs those bound checks ! There
are more than 10 buffer overflows in the code, all while root perms
haven't been dropped, as required by svgalib.

I dont include any exploit, but they're really trivial and are a good
start for those interested in buffer overflows.

laters,

plaguez





------------------------
   plaguez / libpcap
dube0866 () eurobretagne fr
     www.innu.org
------------------------

By Date By Thread

Current thread:

Re: SunOS 4.1.4 ftp serious bug Homer W. Smith (Jun 16)
- Re: SunOS 4.1.4 ftp serious bug Dan Pritts (Jun 16)
  - Getpwnam bus error.. is this patched? Charles Howes (Jun 23)
    - Re: Getpwnam bus error.. is this patched? Casper Dik (Jun 24)
- Re: SunOS 4.1.4 ftp serious bug maximum entropy (Jun 16)
  - shotgun-1.1b buffer overflow(s) PLaGuEZ (Jan 01)
    - Re: shotgun-1.1b buffer overflow(s) Alan Cox (Jun 17)
  - Re: SunOS 4.1.4 ftp serious bug maximum entropy (Jun 16)