Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

RE: Vi buffer overflow
From: batz <batsy () vapour net>
Date: Fri, 9 Nov 2001 14:37:32 -0500 (EST)
On Fri, 9 Nov 2001, Lord, Steve (ISS London) wrote:

:
:Hmmm.... vi is the default editor on a lot of systems, not sure about SCO.
:However, the default editor is launched by suid programs (e.g crontab -


The only time that I can think of it being invoked suid would
be via 'sudo' or with chpass, chfn or other user management
commands. Even then, I don't think that the vi process itself
is as user root. Worth checking tho. 

This would be a problem if something like sed or ed were vulnerable, 
as they are used in crontabs. 

--
batz
Reluctant Ninja
Defective Technologies

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]