Bugtraq: Re: Slrnpull Buffer Overflow (-d parameter)

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Slrnpull Buffer Overflow (-d parameter)

From: Bill Nottingham <notting () redhat com>
Date: Tue, 30 Apr 2002 12:08:56 -0400

Alex Hernandez (alex_hernandez () ureach com) said:

Linux RH.6.2 Sparc64 and below versions.


On Red Hat Linux 6.2 for sparc:

# ls -l /usr/bin/slrnpull
-rwxr-s---    1 news     news        48688 Feb  7  2000 /usr/bin/slrnpull 
# rpm -q slrn-pull
slrn-pull-0.9.6.2-4

With all updates applied:

# ls -l /usr/bin/slrnpull
-rwxr-s---    1 root     news        55456 Mar  1  2001 /usr/bin/slrnpull
# rpm -q slrn-pull
slrn-pull-0.9.6.4-0.6

Hence, while you may be able to get group news, the program is only
runnable by group news. So, I don't think there are any security
implications here.

Bill

By Date By Thread

Current thread:

Slrnpull Buffer Overflow (-d parameter) Alex Hernandez (Apr 22)
- Re: Slrnpull Buffer Overflow (-d parameter) Bill Nottingham (Apr 30)