Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Still More Overflows
From: marc () SUSE DE (Marc Heuse)
Date: Wed, 22 Mar 2000 22:39:18 +0100


Hi,

Way back in August of 1998 I posted a message to this list about a
handful of buffer overflows in various utilities that shipped with SuSE
Linux 6.2.  It seems that after a year and half a few of these bugs
STILL exist.  None of these utilities are harmful by themselves, just
they may open a security hole when called by a priviledged program (see
compress below).  The original message can be found here:

35EE534C.B0031C53 () usa 
net">http://www.securityfocus.com/templates/archive.pike?list=1&date=1998-08-29&msg=35EE534C.B0031C53 () usa net</A>

as you already noted: they are all not privileged. but you are right, that
they might be called by a privilged process/program and therefore lead to a
compromise of the system.
However, those culprits are not the only one. *many* if not most have got
this problems. or other problems as well, like insecurely creating temporary
files ... if you check the so called "user security" of the average
executable in the /usr/bin directory you should fear the worst.

but the solution is of course not to run for cover and not doing anything.
however fixing these bugs are pretty hard. First they are numerous, second
it's senseless if SuSE, redhat, caldera etc. etc. fix such bugs on their own
(waste of ressources!) so patches should be incorporated by the maintainer.
and this is often the hard thing: try it out and you will often hear
"thanks, but your patch doesn't compile on VMS 6.0 and other-weird-system,
...". Or sometimes they never reply or are bothered by your patch. Or they say
what many other people say: "why bother? it´s not priviliged".

the openbsd team did a great and successful support in securing also the
"user space". they are making all their patches available. but still the
maintainers of the programs don't incorporate them. what a waste of ressources.
*sigh*

And then for the next problem: TIME. we are busy fixing important security
holes and writing security software. This of course has got priority.

However, I will see, that the bugs you mentioned will get fixed - at least
within SuSE, but of course I'll pass the patch on to our colleagues from the
other distributions and of course try to get patches incorporated by the
maintainers...:-)

Greets,
        Marc

--
   Marc Heuse, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
   E () mail: marc () suse de  Function: Security Support & Auditing
   "lynx -source http://www.suse.de/~marc/marc.pgp | pgp -fka"
Key fingerprint = B5 07 B6 4E 9C EF 27 EE  16 D9 70 D4 87 B5 63 6C



  By Date           By Thread  

Current thread:
  • Still More Overflows H D Moore (Mar 19)
    • <Possible follow-ups>
    • Re: Still More Overflows Marc Heuse (Mar 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault