[7454] in bugtraq
Possible root exploit in Linux povray
daemon@ATHENA.MIT.EDU (Luke)
Wed Jul 29 02:36:27 1998
Date: Tue, 28 Jul 1998 21:57:18 -0600
Reply-To: Luke <luke@UTW.COM>
From: Luke <luke@UTW.COM>
To: BUGTRAQ@NETSPACE.ORG
In the official (3.02) release of povray for linux, the s-povray binary
must be installed suid root to function (complains about not being able to
open /dev/console without it). Giving a large filename:
$ s-povray -I`perl -e "print 'A'x1000"`
results in segfault. Glancing over the code reveals a lot of strcpy()'s
and strcat()'s. Dunno, need sleep now, work on exploit later if have time :)
Luke
