Vulnerability Development mailing list archives

nonsuid overflows... still at risk?
From: KF <dotslash () snosoft com>
Date: Tue, 05 Jun 2001 12:59:19 -0400

Here are several binaries on SCO that are not suid but seem to have classic overflows. I was wondering if these could be exploited due to the fact that a number of programs call them. vi, pg and more are the binaries in question.

# SCO_SV frodev 3.2 5.0.6 i386
#  TERM=`perl -e 'print "A" x 7000'`
# export TERM
# vi
Memory fault - core dumped
# pg
Memory fault - core dumped
# more
Memory fault - core dumped

Perhaps vi is exploitable via a suid program calling it?
# ls -al /usr/bin/crontab
lrwxrwxrwx   1 root     root          39 Mar 26 08:23 /usr/bin/crontab
-> /opt/K/SCO/Unix/5.0.6Ga/usr/bin/crontab
# ls -al /opt/K/SCO/Unix/5.0.6Ga/usr/bin/crontab
---x--s--x   1 bin      cron       39940 Jul 28  2000
/opt/K/SCO/Unix/5.0.6Ga/usr/bin/crontab

# ls core*
core
# rm core
# crontab -e
note there was no message about it but there is a new core file. 
# ls core
core

input anyone?

-KF
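A defensive illustration of the point raised above, added here and not part of the original post: a privileged program that hands off to an editor should drop its set-id privileges and pass the child a minimal, sanitized environment, so an oversized TERM like the 7000-byte one in the post never reaches vi with elevated rights. The function names and the 64-byte TERM cap are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define TERM_MAX 64   /* assumed cap; real terminfo names are far shorter */

/* 1 if `term` looks like a terminfo name: non-empty, at most TERM_MAX bytes,
 * only characters a terminfo entry would use. A 7000-byte TERM like the one
 * in the post fails the length check. */
int term_is_sane(const char *term) {
    size_t i, n;
    if (term == NULL) return 0;
    n = strlen(term);
    if (n == 0 || n > TERM_MAX) return 0;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)term[i];
        if (!isalnum(c) && c != '-' && c != '+' && c != '.' && c != '_') return 0;
    }
    return 1;
}

/* Fall back to a harmless terminal type rather than forward a hostile one. */
const char *choose_term(const char *term) {
    return term_is_sane(term) ? term : "dumb";
}

/* Constructed check: a TERM of 7000 'A's, as in the post, must be rejected. */
int oversized_term_rejected(void) {
    char *big = malloc(7001);
    int rejected;
    if (big == NULL) return 0;
    memset(big, 'A', 7000);
    big[7000] = '\0';
    rejected = !term_is_sane(big);
    free(big);
    return rejected;
}

/* Exec `editor` on `file` with privileges dropped and a minimal, sanitized
 * environment; only returns (with -1) on failure. Caller forks first. */
int exec_editor_unprivileged(const char *editor, const char *file) {
    char termbuf[sizeof("TERM=") + TERM_MAX];
    char *const argv[] = { (char *)editor, (char *)file, NULL };
    char *const envp[] = { "PATH=/usr/bin:/bin", termbuf, NULL };
    /* Drop the group first, then the user, so the set-id bits cannot be regained. */
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0) return -1;
    snprintf(termbuf, sizeof termbuf, "TERM=%s", choose_term(getenv("TERM")));
    execve(editor, argv, envp);
    return -1;  /* execve only returns on error */
}
```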

