m4rcyS wrote:
>
> Hi,
>
> I think that's nothing dangerous but plz try this by yourself.
>
> Run mc. Press F9, select Right/Left, select Tree. All is ok so
> far, but do the same sequence once more and ... voila, nice
> seg fault. Gdb says that there is an overflow in strcpy(). Plz check
> this out.
>
A quick glance at a RH 5.2-based system I have indicates that mc was not
setuid or setgid. I can't really imagine it being used via CGI or anything
like that.

Does anyone know if it's ever used in any context that would permit
privilege elevation? Captive shell or something, perhaps?

I've got nothing against fixing bugs in programs, but if there's not a
security impact this may not be the most appropriate forum.

BB
Received on Nov 13 1999