Home page logo
/

bugtraq logo Bugtraq mailing list archives

simple kde exploit fix
From: dzhao () LURK KELLOGG NWU EDU (David Zhao)
Date: Sun, 17 May 1998 14:52:10 -0500


in kdebase/kscreensaver/kscreensave.cpp:

change:
line 18:        strcpy( buffer, getenv("HOME") );
                to
                strncpy( buffer, getenv("HOME"), 256);

and
line 34:        strcpy( buffer, KApplication::kde_bindir() );
                to
                strncpy( buffer, KApplication::kde_bindir(), 256 );
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        This one probably isn't crucial, but it's good programming anyway

this fixes the exploit given and is a classic stack overflow exploit, the
thing is KDE uses the getenv function multiple times to get the home
directory (in other kde suites and programs as well) instead of getting it
from the passwd file, strange. Most are not vulnerable cause they aren't
suid, but it still seems to be bad programming since you can change the
environment from the shell. The only suid programs are klock, kppp, and
the *.kss files, I haven't checked the kss programs for bugs yet, but this
will fix the klock.

==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==
| David Zhao       UNIX Systems Admininstrator         |  Live Free or DIE  |
| Kellogg School of Management                         |   | | |\  | | \ /  |
| ICQ Internet ID: 7892139                             |   | | | \ | |  X   |
| Work Ph: (847) 467-3015  Pager: (847) 205-8674       |   |_| |  \| | / \  |
|
| "Sometimes I think I'm stupid, other times I just am"|
|                                               -- Dennis Kiilerich
=============================================================================



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault