Subject: Re: [Hackerslab bug_paper] Solaris chkperm buffer overflow
From: Brock Tellier (btellier@USA.NET)
Date: Thu Jan 06 2000 - 13:24:35 CST
>[Hackerslab bug_paper] Solaris chkperm buffer overflow
>
>[Hackerslab:/users/loveyou/buf]$ chkperm -n `perl -e 'print "x" x 200'`
>Segmentation fault (core dumped)
>
>it is recommended that the suid bit is
>removed from chkperm using command :
>
> chmod 400 /usr/vmsys/bin/chkperm

Hrm, yeah, I found this one some months ago while I was checking out chkperm's
ability to read bin-owned files. After some testing I concluded that, at
least on SPARC, the function where the overflow occurs will exit() before it
is allowed to return (and then return again), meaning that a buffer overflow
exploit is probably not possible. I would be interested to see if anyone came
to a different conclusion.

Brock Tellier
UNIX Systems Administrator
Chicago, IL, USA
btellier@usa.net - www.technotronic.com/xnec
This archive was generated by hypermail 2b27 : Fri Jan 07 2000 - 11:57:34 CST