Bugtraq mailing list archives

More Overflows...


From: hdmoore () USA NET (HD Moore)
Date: Thu, 3 Sep 1998 03:29:01 -0500


After going over the recent posts concerning the overflows present in
minicom, nslookup, etc, I decided to see what else is vulnerable on my
system.  I am running SuSE 5.2 with 64 Mb of EDO RAM and kernel 2.0.35.
Here's what I found...

smbclient   version:  1.9.18p3   Overflow occurs after 8505 characters
compress    version:  4.2.4      Overflow at 1100 characters
elvis       version:  2.0        Lots of fun quirks over 1000-100000; maybe an exploit symlinking with tmp's
lha         version:  1.02       Overflow at >19211

There are many more but I'm too tired to document them; if you have any
questions, I can be reached at hdmoore () usa net
The major concern I have is non-privileged users trashing system files
with suid apps, please check ALL your suid's for overflows... Anyways,
Thrill Kill rocked and I'm beat and bloody from the pit, so goodnight.


