Bugtraq: Re: More buffer overrun crap -- Solaris 2.5.1 /usr/bin/ps

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: More buffer overrun crap -- Solaris 2.5.1 /usr/bin/ps

From: kbrint () VISI COM (kevin brintnall)
Date: Sat, 10 May 1997 12:38:17 -0500

The second tidbit is an apparent buffer overrun in getopt() itself; it
blindly trusts argv[0] and it appears to generate its error message into
a local buffer.  :-)

In any case, even if these potential vulnerability aren't as exploitable
as I might think, I would feel much safer if Sun were to patch these.


the getopt(3) problem has been fixed since 103612-21.  the most current
libc patch is 103612-23.  Get It.

 kevin brintnall <kbrint () visi com>
 network engineer, vector internet
 E3979560EF3E00B7 36D422A3C0F3741C

By Date By Thread

Current thread:

SGI Security Advisory 19961203-02-PX - IRIX netprint Program, (continued)
- SGI Security Advisory 19961203-02-PX - IRIX netprint Program SGI Security Coordinator (May 08)
- Bug Serious problem in NEC SOCKS server Trevor Schroeder (May 09)
  - Re: Bug Serious problem in NEC SOCKS server Matt Bush (May 09)
  - Windows 95/NT DoS myst (May 09)
    - More buffer overrun crap -- Solaris 2.5.1 /usr/bin/ps Joe Zbiciak (May 10)
    - Re: More buffer overrun crap -- Solaris 2.5.1 /usr/bin/ps kevin brintnall (May 10)
    - Re: Windows 95/NT DoS Albert Siersema (May 10)
    - Re: Windows 95/NT DoS DiGennaro (May 10)
    - Re: Windows 95/NT DoS Alan Cox (May 11)
    - OOB Quick Fix Aleph One (May 10)
    - Microsoft PowerPoint Security Fix Aleph One (May 10)