Bugtraq mailing list archives

Re: Solaris /usr/lib/exrecover buffer overflow
From: Florian Weimer <Florian.Weimer () RUS UNI-STUTTGART DE>
Date: Thu, 11 Jan 2001 11:54:45 +0100

Pablo Sor <psor () AFIP GOV AR> writes:

> The /usr/lib/exrecover contains a buffer overflow
> (this command is suid in Solaris 2.4/5/6)

This buffer overflow is probably not specific to Solaris, but already
contained in the original AT&T/UCB vi sources.  It seems as if
exrecover never was designed to be installed setuid root.

Florian Weimer                    Florian.Weimer () RUS Uni-Stuttgart DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898
