Bugtraq mailing list archives

[linux-security] write(1) leak

From: dholland () EECS HARVARD EDU (David Holland)
Date: Sun, 19 Jan 1997 12:10:00 -0600


Some versions (the util-linux version, but not the netwrite or netkit
versions) of /usr/bin/write have a buffer overrun problem that is
almost certainly exploitable. Note that this gives access to the tty
group, but not (directly) root.

The fix is to change the two sprintfs to snprintfs. Patches have been
mailed to the maintainer.

--
   - David A. Holland             |    VINO project home page:
     dholland () eecs harvard edu    | http://www.eecs.harvard.edu/vino

Current thread:

Smashing the stack on a DEC Alpha, (continued)
- - Smashing the stack on a DEC Alpha Lamont Granquist (Jan 16)
    - Re: Smashing the stack on a DEC Alpha Digital Dreamer (Jan 16)
    - Re: Smashing the stack on a DEC Alpha Julian Assange (Jan 16)
    - FreeBSD Security Advisory: SA-96:21 - talkd FreeBSD Security Officer (Jan 18)
    - Re: FreeBSD Security Advisory: SA-96:21 - talkd Theo de Raadt (Jan 20)
    - talkd problem Theo de Raadt (Jan 20)
    - Re: talkd problem David Holland (Jan 20)
    - Smashing the stack Zygo Blaxell (Jan 20)
    - Re: Smashing the stack David Holland (Jan 20)
    - Re: Smashing the stack Bill Sommerfeld (Jan 21)
    - [linux-security] write(1) leak David Holland (Jan 19)
    - [linux-security] write(1) leak David Holland (Jan 20)
- Irix: csetup hole Yuri Volobuev (Jan 06)