Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Berkley DB problem in slackware distribution

From: mb () SIME COM (Martin Bene)
Date: Thu, 16 Jul 1998 09:22:40 +0200

Hi!

I recently ran into a potential problem with berkley db 1.85 as distributed
with all versions of slackware linux: (fixed in slackware 3.5 as of 07.14.98)

libdb.so.1.85.4 defines snprintf and vsnprintf as calls to normal sprintf
and vsprintf.

Meaning: if you link any program against this lib and aren't careful about
library linking order, you'll overload the working procedures from libc
with the dummy-definitions from libdb and thus end up with broken (v)snprintf.

Your programs will be vulnerable to buffer overflows even though correctly
coded to avoid it. (I ran into this wile experimenting with a qpopper patch
to directly write sucessfull pop3 logins to a database for use with
sendmail pop_auth hack).

Bye, Martin

--------------------------------------------------
 Martin Bene               vox: +43-664-3251047
 simon media               fax: +43-316-813824-6
 Andreas-Hofer-Platz 9     e-mail: mb () sime com
 8010 Graz, Austria
--------------------------------------------------
finger mb () mail sime com for PGP public key
Previous By Date Next
Previous By Thread Next

Current thread: