[18573] in bugtraq

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Solaris /usr/lib/exrecover buffer overflow

daemon@ATHENA.MIT.EDU (Florian Weimer)
Fri Jan 12 13:04:56 2001

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <tgofxe740a.fsf@mercury.rus.uni-stuttgart.de>
Date:         Thu, 11 Jan 2001 11:54:45 +0100
Reply-To: Florian Weimer <Florian.Weimer@RUS.UNI-STUTTGART.DE>
From: Florian Weimer <Florian.Weimer@RUS.UNI-STUTTGART.DE>
X-To:         Pablo Sor <psor@AFIP.GOV.AR>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <3A5B6A5C.52333FAC@afip.gov.ar>

Pablo Sor <psor@AFIP.GOV.AR> writes:

> The /usr/lib/exrecover contains a buffer overflow
> (this command is suid in Solaris 2.4/5/6)

This buffer overflow is probably not specific to Solaris, but already
contained in the original AT&T/UCB vi sources.  It seems as if
exrecover never was designed to be installed setuid root.

--
Florian Weimer 	                  Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898

home	help	back	first	fref	pref	prev	next	nref	lref	last	post