[30594] in bugtraq
[STX] Multiple Security Vulnerabilities
daemon@ATHENA.MIT.EDU (ace@static-x.org)
Thu Jul 3 19:44:42 2003
Date: 3 Jul 2003 17:39:11 -0000
Message-ID: <20030703173911.30373.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: <ace@static-x.org>
To: bugtraq@securityfocus.com
Multiple files vulnerable to a buffer overflow:
-
gnuchess is an updated version of the GNU chess playing program. It has a
simple alpha-numeric board display, an IBM PC compatible interface, or it
can be compiled for use with the chesstool program on a SUN workstation or
with the xboard program under X-windows.
-
gnuan produces an analysis of a chess game. For each move it shows the
move, the score and the principle variation selected by gnuchess.
-
isdnrep reads the isdnlog log files, generates reports, does
statistics, and other things. It can also generate HTML output for use
with a web server.
; By default the above are not suid.
proof of concept code for the above can be found at:
http://www.static-x.org/hax.php?pwned=code
