[17182] in bugtraq
solaris8 dtmail
daemon@ATHENA.MIT.EDU (scanf)
Thu Oct 12 15:52:24 2000
Message-Id: <200010112217.e9BMHrY04291@monline-is.com>
Date: Wed, 11 Oct 2000 22:17:53 GMT
Reply-To: scanf <scanf@MONLINE-IS.COM>
From: scanf <scanf@MONLINE-IS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
hi,
I was playing around on my solaris8 box and I found something strange.
console@sunrise:pts/11:~$ /usr/dt/bin/dtmail
libSDtMail: Error: Xt Error: Can't open display:
console@sunrise:pts/11:~$ export DISPLAY="%s%s%s"
console@sunrise:pts/11:~$ /usr/dt/bin/dtmail
Segmentation Fault
console@sunrise:pts/11:~$
At first glance it appears to be a format string vuln. However, I checked a little further.
console@sunrise:pts/11:~$ export DISPLAY="%"
console@sunrise:pts/11:~$ /usr/dt/bin/dtmail
Segmentation Fault
console@sunrise:pts/11:~$
It only needed a % to crash. I don't have the source to this so I decided not to check it further. It might be some parsing error in the code. I posted this in case anybody wants to investigate it.
console
console@sunrise.monline-is.com
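
Added example, not part of the original post and not dtmail's code: the post does not establish the cause of the crash, so this only shows the defensive pattern for a program that echoes DISPLAY in an error message like the one above. The function names are hypothetical and the sample values are constructed from the two strings in the post.

```c
#include <stdio.h>
#include <string.h>

/* Count printf-style conversion specifications in an untrusted string.
 * Returns -1 when a '%' starts a specification this parser cannot complete
 * (for example a lone "%"); per the C standard an invalid specification is
 * undefined behaviour if the string is ever used as a format. */
int count_directives(const char *s)
{
    int n = 0;
    while ((s = strchr(s, '%')) != NULL) {
        s++;
        if (*s == '%') { s++; continue; }        /* "%%" is a literal percent */
        s += strspn(s, "-+ #0");                 /* flags */
        s += strspn(s, "0123456789*");           /* field width */
        if (*s == '.') { s++; s += strspn(s, "0123456789*"); } /* precision */
        s += strspn(s, "hlLqjzt");               /* length modifiers */
        if (*s == '\0' || strchr("diouxXeEfFgGaAcspn", *s) == NULL)
            return -1;                           /* incomplete or unknown */
        s++;
        n++;
    }
    return n;
}

/* Hardened reporting: the format is a constant and the display name is
 * passed as data, so any '%' in it is copied out literally. */
int format_display_error(char *out, size_t outlen, const char *display)
{
    return snprintf(out, outlen, "Error: Can't open display: %s", display);
}

int main(void)
{
    /* Constructed inputs; the last two are the DISPLAY values from the post. */
    const char *samples[] = { ":0", "%s%s%s", "%" };
    char line[128];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        format_display_error(line, sizeof line, samples[i]);
        printf("%-8s directives=%d -> %s\n",
               samples[i], count_directives(samples[i]), line);
    }
    return 0;
}
```

A nonzero result from count_directives on an environment variable is a cheap triage signal when auditing or fuzzing a binary without source; it says the value would be interpreted if it reached a format argument, not that it does.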