[1396] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] write(1) leak

daemon@ATHENA.MIT.EDU (David Holland)
Sun Jan 19 11:39:48 1997

From: David Holland <dholland@eecs.harvard.edu>
To: linux-security@redhat.com
Date: Sun, 19 Jan 1997 02:29:06 -0500 (EST)
Cc: dholland@burgundy.eecs.harvard.edu (David Holland)
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

Some versions (the util-linux version, but not the netwrite or netkit
versions) of /usr/bin/write have a buffer overrun problem that is
almost certainly exploitable. Note that this gives access to the tty
group, but not (directly) root.

The fix is to change the two sprintfs to snprintfs. Patches have been
mailed to the maintainer.

-- 
   - David A. Holland             |    VINO project home page:
     dholland@eecs.harvard.edu    | http://www.eecs.harvard.edu/vino


home help back first fref pref prev next nref lref last post