Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Linux GNOME exploit
From: azz () GNU ORG (Adam Sampson)
Date: Tue, 28 Sep 1999 21:44:52 +0100

On Mon, Sep 27, 1999 at 02:25:02PM -0400, Elliot Lee wrote:

Virtually any program using the GNOME libraries is vulnerable to a
buffer overflow attack.  The attack comes in the form:
/path/to/gnome/prog --enable-sound --espeaker=$80bytebuffer



(b) I tried specifying a very long argument to --espeaker, and achieved
    no success in making anything segfault etc. (esound 0.2.14).


On my box:

[[azz () cartman ~]$ panel --version
Gnome panel 1.0.6
[[azz () cartman ~]$ panel --enable-sound --espeaker=11111111111111111111111111\
111111111111111111111111111111111111111111111111111111111111111111111
Can't resolve host name
"1111111111111111111111111111111111111111111111111111111111111111111111111111
1111111111111111111"!
Segmentation fault

I'm using esound 0.2.8. This is probably more a libesd issue than a GNOME
issue...

But X programs, as said before, should under no conditions be suid. In fact,
nothing longer than 100 lines would be suid if I had anything to do with it.
:)

--

Adam Sampson
azz () gnu org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]