[22935] in bugtraq
gm4 format strings on OSX
daemon@ATHENA.MIT.EDU (dotslash@snosoft.com)
Sun Oct 21 12:38:51 2001
Date: Sat, 20 Oct 2001 12:22:31 -0700
From: dotslash@snosoft.com
To: bugtraq@securityfocus.com
Message-Id: <CEED4600-C58F-11D5-9986-00039305969A@snosoft.com>
This in itself is not an issue due to the lack of a suid bit... however
if I remember correctly there were a few Linux suid root binaries that
were reliant upon m4 in some way or another, thus making them vulnerable
to a local root exploit. This is on OS X 10.1.
[OSXBOX:~] elguapo% ls -al `which m4`
-r-xr-xr-x 1 root wheel 26696 Sep 2 20:59 /usr/bin/m4
[OSXBOX:~] elguapo% ls -al `which gm4`
-rwxr-xr-x 1 root wheel 97464 Sep 2 20:53 /usr/bin/gm4
[OSXBOX:~] elguapo% m4 %p
m4: %p: No such file or directory
[OSXBOX:~] elguapo% gm4 %p
gm4: 0x4f4d453d: No such file or directory
[OSXBOX:~] elguapo% gm4 %s
gm4: Memory bounds violation detected (SIGSEGV). Either a stack overflow
occurred, or there is a bug in gm4. Check for possible infinite
recursion.
Segmentation fault
-KF
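
The bug class the session above points to, as an added example that is not part of the original post and is not gm4's source: a printf-style error reporter that receives the file name as its format string, next to the corrected call. The names report, open_error_unsafe and open_error_safe and the sample file names are hypothetical.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style error reporter (not gm4's source): formats
 * "gm4: <message>: <strerror>" into out and returns the length. */
static int report(char *out, size_t n, int errnum, const char *fmt, ...)
{
    char msg[256];
    va_list ap;

    va_start(ap, fmt);
    vsnprintf(msg, sizeof msg, fmt, ap);
    va_end(ap);
    return snprintf(out, n, "gm4: %s: %s", msg, strerror(errnum));
}

/* Bug class: the caller-supplied file name is used as the format string,
 * so a "%p" or "%s" in the name makes vsnprintf fetch arguments that were
 * never passed (undefined behaviour: a leaked value or a crash). */
int open_error_unsafe(char *out, size_t n, const char *name)
{
    return report(out, n, ENOENT, name);
}

/* Fix: constant format string; the name is only ever data. */
int open_error_safe(char *out, size_t n, const char *name)
{
    return report(out, n, ENOENT, "%s", name);
}

int main(void)
{
    char buf[512];
    /* Constructed inputs; the first two mirror the arguments in the post. */
    const char *names[] = { "%p", "%s", "input.m4" };

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        open_error_safe(buf, sizeof buf, names[i]);
        puts(buf);   /* directives are printed literally */
    }
    /* The unsafe variant is well defined only for names without '%'. */
    open_error_unsafe(buf, sizeof buf, "input.m4");
    puts(buf);
    return 0;
}
```

Declaring the reporter with the compiler's printf format attribute and building with -Wformat-security flags call sites like open_error_unsafe at compile time.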