Bugtraq mailing list archives
Re: shotgun-1.1b buffer overflow(s)
From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Tue, 17 Jun 1997 09:10:07 +0100
For those who don't have time to read README files, here is a piece of advice about a svgalib-based (= suid root) Linux file manager called shotgun (release 1.1b, found on sunsite; is there a newer one?).
svgalib programs, while setuid root, drop their setuidness as soon as they do the SVGA init. On most applications that makes root file exploits a bit harder. You still get a program with direct video access, which is enough to do plenty of harm.

Alan
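The pattern described in the reply above, as an added example that is not part of the original message and is not svgalib's own code: do the step that needs root, drop set-uid privileges permanently, and verify that the drop cannot be undone. `privileged_init` is a hypothetical stand-in for the SVGA init.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical stand-in for the step that needs root (for an svgalib
 * program, the SVGA init). Anything it acquires, such as open file
 * descriptors or hardware access, stays with the process after the
 * drop; only the ability to acquire more as root goes away. */
static int privileged_init(void)
{
    return 0;
}

/* Give up set-uid/set-gid privileges for good.
 * Returns 0 on success, -1 if a step fails or the drop is reversible. */
int drop_privileges(void)
{
    uid_t ruid = getuid(), euid = geteuid();
    gid_t rgid = getgid(), egid = getegid();

    /* Group first: once the uid is dropped we may no longer be
     * allowed to change the gid. */
    if (setgid(rgid) != 0)
        return -1;
    /* With euid 0 this sets the real, effective and saved uid. */
    if (setuid(ruid) != 0)
        return -1;

    /* Never assume the calls worked: check the resulting ids. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    /* If the old ids can be restored, a saved id survived (as it does
     * for a set-uid non-root binary) and the drop is only temporary. */
    if (euid != ruid && seteuid(euid) == 0)
        return -1;
    if (egid != rgid && setegid(egid) == 0)
        return -1;
    return 0;
}

int main(void)
{
    if (privileged_init() != 0 || drop_privileges() != 0) {
        fprintf(stderr, "could not drop privileges, exiting\n");
        return 1;
    }
    printf("uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    return 0;
}
```

Code that parses user input after this point runs as the invoking user, but still holds whatever the init step obtained.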