Bugtraq mailing list archives
Berkley DB problem in slackware distribution
From: mb () SIME COM (Martin Bene)
Date: Thu, 16 Jul 1998 09:22:40 +0200
Hi!

I recently ran into a potential problem with Berkeley DB 1.85 as distributed with all versions of Slackware Linux (fixed in Slackware 3.5 as of 07.14.98):

libdb.so.1.85.4 defines snprintf and vsnprintf as calls to normal sprintf and vsprintf.

Meaning: if you link any program against this lib and aren't careful about library linking order, you'll overload the working procedures from libc with the dummy-definitions from libdb and thus end up with broken (v)snprintf. Your programs will be vulnerable to buffer overflows even though correctly coded to avoid it.

(I ran into this while experimenting with a qpopper patch to directly write successful pop3 logins to a database for use with sendmail pop_auth hack).

Bye, Martin

--------------------------------------------------
Martin Bene               vox: +43-664-3251047
simon media               fax: +43-316-813824-6
Andreas-Hofer-Platz 9     e-mail: mb () sime com
8010 Graz, Austria
--------------------------------------------------
finger mb () mail sime com for PGP public key
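A runtime self-test for the condition described in the post above, added here as an example and not part of the original message or of any project it mentions. The names stub_snprintf and snprintf_is_bounded are hypothetical; the stub only imitates the sprintf-forwarding behaviour the post attributes to libdb so the check has a failing case to compare against.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

typedef int (*snprintf_fn)(char *, size_t, const char *, ...);

/* Hypothetical stand-in for the stub the post describes: the size
 * argument is ignored and the call is forwarded to vsprintf. */
static int stub_snprintf(char *str, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    (void)size;                 /* the bound is silently dropped */
    va_start(ap, fmt);
    n = vsprintf(str, fmt, ap);
    va_end(ap);
    return n;
}

/* Returns 1 if fn honours its size argument, 0 if it writes past it.
 * The arena is larger than the formatted string, so even an unbounded
 * implementation stays inside memory we own during the probe. */
static int snprintf_is_bounded(snprintf_fn fn)
{
    char arena[64];
    const size_t limit = 8;     /* size we tell fn it may use */
    size_t i;

    memset(arena, 0x5A, sizeof arena);          /* canary fill */
    fn(arena, limit, "%s", "0123456789abcdef0123456789");  /* 26 chars */

    if (arena[limit - 1] != '\0')
        return 0;               /* output not terminated inside limit */
    for (i = limit; i < sizeof arena; i++)
        if ((unsigned char)arena[i] != 0x5A)
            return 0;           /* bytes past the limit were modified */
    return 1;
}

int main(void)
{
    printf("snprintf as linked: %s\n",
           snprintf_is_bounded(snprintf) ? "bounded" : "UNBOUNDED");
    printf("sprintf-backed stub: %s\n",
           snprintf_is_bounded(stub_snprintf) ? "bounded" : "UNBOUNDED");
    return snprintf_is_bounded(snprintf) ? 0 : 1;
}
```

The result is only meaningful when the test is linked with the same libraries, in the same order, as the program it is meant to protect.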