[1547] in linux-security and linux-alert archive
[linux-security] Re: cxterm buffer overrun
daemon@ATHENA.MIT.EDU (Albert D. Cahalan)
Thu May 15 05:23:39 1997
From: "Albert D. Cahalan" <acahalan@cs.uml.edu>
To: linux-security@redhat.com
Date: Wed, 14 May 1997 16:35:47 -0400 (EDT)
Reply-To: acahalan@NO-SPAM.cs.uml.edu
Resent-From: linux-security@redhat.com
> cxterm is a Chinese terminal emulator for
> the X Window System. It's installed as
> suid-root by default if you did a make
> install. Just like xterm, it does needs
> to be suid to update /etc/utmp...blahblah...
>
> I discovered some buffer overflow bugs in it.
> The code attached below is the exploit.
>
> Quick fix? chmod -s /path/cxterm
Better fix: I think you can stop that in the kernel and even
get a log of who tried to exploit it.
http://www.linuxhq.com/lnxlists/linux-kernel/lk_9705_02/0453.html
The patch is well thought out, with consideration for signals
and trampolines.
----
moderator, I prefer to read this on the web