Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

http://www.eden.com/~tfast/jihad.html

From: devel () MEAT PLAGUEZ ORG (Compte de developpement)
Date: Sun, 2 Jan 1994 15:35:09 +0100

zgv/svgalib "vulnerability" ?

hello,

i dont really see where the problem with zgv/svgalib is.

There is obviously a buffer overflow with the $HOME
environment variable, but all my attemps to exploit
this failed: svgalib had well dropped root perms
(see below). Any idea ?
(i'm using Redhat 3.0.3, 4.0.0, svgalib 1.2.9)


From vga_init():

     ...
     seteuid(getuid());
     setgid(getegid());
     ...


Sample try:

[devel@plaguez]$ uname -a
Linux plaguez 2.0.30 #7 Sat Jun 21 09:35:21 MET 1997 i486
[devel@plaguez]$ ls -al /usr/bin/zgv
-r-s--x--x   1 root     root        87780 Feb 26  1996 /usr/bin/zgv
[devel@plaguez]$ ./overflow HOME 1124 0 /usr/bin/zgv
bash$




------------------------
   plaguez / libpcap
dube0866 () eurobretagne fr
  http://www.innu.org
------------------------

p.s: i'm looking for a job this summer. Maybe ... ;)
Previous By Date Next
Previous By Thread Next

Current thread: