Vulnerability Development mailing list archives
Re: buffer overflow on whois (redhat linux 7.0/7.1 on i686)
From: jon schatz <jon () divisionbyzero com>
Date: 31 Jan 2002 11:30:43 -0800
On Thu, 2002-01-31 at 08:37, ladd harris wrote:
> Testing the whois -p i also get a core dump on red hat 7.1....tried two machines both seem affected. whether it can be exploited i do not still need to do more tests......
but what are you going to exploit? i found this bug a while ago, but
never reported it because
1) the (newer) whois-1.0.9-1 rpm fixed the problem, and
2) whois isn't setuid. and never needs to be
so at most, you're talking about executing code as yourself, which you
can do without a buffer overflow.
-jon
--
jon () divisionbyzero com || www.divisionbyzero.com
gpg key: www.divisionbyzero.com/pubkey.asc
think i have a virus?: www.divisionbyzero.com/pgp.html
"You are in a twisty little maze of Sendmail rules, all confusing."
