[7288] in bugtraq


Berkeley DB problem in Slackware distribution

daemon@ATHENA.MIT.EDU (Martin Bene)
Thu Jul 16 16:54:50 1998

Date: 	Thu, 16 Jul 1998 09:22:40 +0200
Reply-To: Martin Bene <mb@SIME.COM>
From: Martin Bene <mb@SIME.COM>
To: BUGTRAQ@NETSPACE.ORG

Hi!

I recently ran into a potential problem with Berkeley DB 1.85 as distributed
with all versions of Slackware Linux (fixed in Slackware 3.5 as of 07.14.98):

libdb.so.1.85.4 defines snprintf and vsnprintf as calls to normal sprintf
and vsprintf.

Meaning: if you link any program against this lib and aren't careful about
library linking order, you'll overload the working procedures from libc
with the dummy-definitions from libdb and thus end up with broken (v)snprintf.

Your programs will be vulnerable to buffer overflows even though correctly
coded to avoid them. (I ran into this while experimenting with a qpopper patch
to directly write successful POP3 logins to a database for use with the
sendmail pop_auth hack).

Bye, Martin

--------------------------------------------------
 Martin Bene               vox: +43-664-3251047
 simon media               fax: +43-316-813824-6
 Andreas-Hofer-Platz 9     e-mail: mb@sime.com
 8010 Graz, Austria
--------------------------------------------------
finger mb@mail.sime.com for PGP public key
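
A self-test for the failure described in the message above, as an added example that is not part of the original post: it checks that the snprintf and vsnprintf a program actually resolved honour their size argument, writing into an oversized guarded buffer so that a stub forwarding to sprintf/vsprintf is detected without corrupting the stack. The function names, buffer sizes and sample string are assumptions made for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LIMIT 8     /* size passed to (v)snprintf */
#define ARENA 64    /* real buffer size: contains the write if the size is ignored */
#define GUARD 0x5A  /* fill byte that must survive past LIMIT */
static const char *sample = "0123456789ABCDEFGHIJ"; /* constructed, 20 chars > LIMIT */

/* 1 if output is NUL-terminated inside LIMIT and nothing past LIMIT changed. */
static int arena_intact(const unsigned char *arena)
{
    size_t i;
    if (memchr(arena, '\0', LIMIT) == NULL) return 0;
    for (i = LIMIT; i < ARENA; i++)
        if (arena[i] != GUARD) return 0;
    return 1;
}

int snprintf_is_bounded(void)
{
    unsigned char arena[ARENA];
    memset(arena, GUARD, sizeof arena);
    snprintf((char *)arena, LIMIT, "%s", sample);
    return arena_intact(arena);
}

/* vsnprintf takes a va_list, so it is exercised through a varargs wrapper. */
static void call_vsnprintf(char *dst, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(dst, n, fmt, ap);
    va_end(ap);
}

int vsnprintf_is_bounded(void)
{
    unsigned char arena[ARENA];
    memset(arena, GUARD, sizeof arena);
    call_vsnprintf((char *)arena, LIMIT, "%s", sample);
    return arena_intact(arena);
}

int main(void)
{
    int ok = snprintf_is_bounded() && vsnprintf_is_bounded();
    puts(ok ? "ok: (v)snprintf truncates" : "BROKEN: (v)snprintf ignores its size");
    return ok ? 0 : 1;
}
```

Build and link it with the same libraries, in the same order, as the program being checked, so that it resolves the same symbols; a non-zero exit status means the size argument is being ignored.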
