[9850] in bugtraq


Re: Solaris "/usr/bin/write" bug

daemon@ATHENA.MIT.EDU (John RIddoch)
Tue Mar 9 13:33:28 1999

Date: 	Tue, 9 Mar 1999 17:16:26 +0000
Reply-To: John Riddoch <jr@master.scms.rgu.ac.uk>
From: John RIddoch <jr@SCMS.RGU.AC.UK>
To: BUGTRAQ@NETSPACE.ORG

>when playing around with "/usr/bin/write" on Solaris 2.6 x86, I found
>something interesting.
>It's a buffer overflow bug in "/usr/bin/write"
>To ensure, view this command:
>
>( Solaris 2.6 x86 )
>[loveyou@/user/loveyou/buf]{30}% write loveyou `perl -e 'print "x" x 97'`
>[loveyou@/user/loveyou/buf]write loveyou `perl -e 'print "x" x 97'`
>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>( Solaris 2.6 and 2.7 maybe .. )

This also segfaults under Solaris 2.6 and 7 on SPARC.

I'm not sure how exploitable this is, as it is only sgid tty, which isn't a
huge problem (but could be nonetheless, I suppose).

--
John Riddoch	Email: jr@scms.rgu.ac.uk	Telephone: (01224)262730
Room C4, School of Computer and Mathematical Science
Robert Gordon University, Aberdeen, AB25 1HG
I am Homer of Borg. Resistance is Fu... Ooooh! Donuts!
