[6789] in bugtraq
simple kde exploit fix
daemon@ATHENA.MIT.EDU (David Zhao)
Sun May 17 18:06:06 1998
Date: Sun, 17 May 1998 14:52:10 -0500
Reply-To: David Zhao <dzhao@LURK.KELLOGG.NWU.EDU>
From: David Zhao <dzhao@LURK.KELLOGG.NWU.EDU>
To: BUGTRAQ@NETSPACE.ORG
in kdebase/kscreensaver/kscreensave.cpp:
change:
line 18: strcpy( buffer, getenv("HOME") );
to
strncpy( buffer, getenv("HOME"), 255 ); buffer[255] = '\0';
and
line 34: strcpy( buffer, KApplication::kde_bindir() );
to
strncpy( buffer, KApplication::kde_bindir(), 255 ); buffer[255] = '\0';
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This one probably isn't crucial, but it's good programming anyway.
This fixes the exploit given, which is a classic stack overflow exploit. The
thing is, KDE uses the getenv function multiple times to get the home
directory (in other KDE suites and programs as well) instead of getting it
from the passwd file, which is strange. Most are not vulnerable because they
aren't suid, but it still seems to be bad programming since you can change
the environment from the shell. The only suid programs are klock, kppp, and
the *.kss files. I haven't checked the kss programs for bugs yet, but this
will fix klock.
==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==
| David Zhao, UNIX Systems Administrator          | Live Free or DIE          |
| Kellogg School of Management                                               |
| ICQ Internet ID: 7892139                                                   |
| Work Ph: (847) 467-3015   Pager: (847) 205-8674                            |
| "Sometimes I think I'm stupid, other times I just am"                      |
|                                              -- Dennis Kiilerich           |
=============================================================================
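The following is an added example, not code from David Zhao's post or from the KDE sources. It shows the kscreensaver pattern the post describes (a fixed buffer filled with strcpy from an attacker-controlled environment variable) next to the strncpy fix as posted and next to a version that also handles the two things strncpy alone does not: an unset variable (getenv returns NULL) and the missing terminator when the source is at least as long as the buffer. The buffer size of 256 is assumed from the post; the function names, the sample HOME values and the over-long attack string are constructed for the example. To keep the program well defined, the over-long input is never actually passed through the unsafe strcpy; a separate check reports that it would overflow.

```c
/* Added example (not from the Bugtraq post or the KDE sources).
 * BUF_SIZE is assumed to match the 256 used in the posted fix. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 256

/* Original kscreensave.cpp pattern: writes past buf when home is longer
 * than BUF_SIZE - 1. Kept only to show the bug; never call it with an
 * untrusted value. */
void copy_home_unsafe(char buf[BUF_SIZE], const char *home)
{
    strcpy(buf, home);
}

/* Reports whether copy_home_unsafe would overflow (or crash on NULL)
 * without performing the write, since the overflow itself is undefined
 * behaviour. Returns 1 if it would, 0 if the value fits. */
int would_overflow(const char *home)
{
    return home == NULL || strlen(home) + 1 > BUF_SIZE;
}

/* The fix as posted, with the buffer size as the bound: the overflow is
 * gone, but when strlen(home) >= BUF_SIZE strncpy writes no NUL, so the
 * next strlen/printf on buf reads off the end. Returns 1 if the buffer
 * was left unterminated, 0 if it was terminated. */
int strncpy_leaves_unterminated(const char *home)
{
    char buf[BUF_SIZE];
    strncpy(buf, home, BUF_SIZE);
    return memchr(buf, '\0', BUF_SIZE) == NULL;
}

/* Hardened copy: rejects an unset variable, refuses to silently truncate
 * (a truncated path would name some other directory), and always leaves
 * dst NUL-terminated. Returns 0 on success, -1 on rejection. */
int copy_home_safe(char *dst, size_t dstsz, const char *home)
{
    if (home == NULL || dstsz == 0)
        return -1;
    size_t len = strlen(home);
    if (len >= dstsz)
        return -1;
    memcpy(dst, home, len + 1);
    return 0;
}

/* Convenience wrapper around copy_home_safe with a BUF_SIZE buffer. */
int home_accepted(const char *home)
{
    char buf[BUF_SIZE];
    return copy_home_safe(buf, sizeof buf, home);
}

/* Constructed attack value: a HOME of 319 'A's, the kind of string an
 * exploit would export before running the suid binary. */
const char *long_home(void)
{
    static char s[BUF_SIZE + 64];
    memset(s, 'A', sizeof s - 1);
    s[sizeof s - 1] = '\0';
    return s;
}

int main(void)
{
    char buf[BUF_SIZE];
    const char *normal = "/home/dzhao";   /* constructed sample value */

    copy_home_unsafe(buf, normal);        /* fits, so this call is safe */
    printf("normal: overflow=%d unterminated=%d accepted=%d -> %s\n",
           would_overflow(normal), strncpy_leaves_unterminated(normal),
           home_accepted(normal), buf);
    printf("attack: overflow=%d unterminated=%d accepted=%d\n",
           would_overflow(long_home()), strncpy_leaves_unterminated(long_home()),
           home_accepted(long_home()));
    printf("unset:  overflow=%d accepted=%d\n",
           would_overflow(NULL), home_accepted(NULL));
    return 0;
}
```

Build with `cc -Wall -o home_copy home_copy.c` and run; the attack line shows why the posted strncpy call needs either a bound of BUF_SIZE - 1 plus an explicit terminator or an outright rejection of over-long values, and the unset line shows the NULL case that neither strcpy nor strncpy survives.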