Bugtraq mailing list archives
simple kde exploit fix
From: dzhao () LURK KELLOGG NWU EDU (David Zhao)
Date: Sun, 17 May 1998 14:52:10 -0500
in kdebase/kscreensaver/kscreensave.cpp:

change:

line 18:
        strcpy( buffer, getenv("HOME") );
to
        strncpy( buffer, getenv("HOME"), 256);

and line 34:
        strcpy( buffer, KApplication::kde_bindir() );
to
        strncpy( buffer, KApplication::kde_bindir(), 256 );
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        This one probably isn't crucial, but it's good programming anyway

This fixes the exploit given, which is a classic stack overflow exploit. The
thing is, KDE uses the getenv function multiple times to get the home
directory (in other KDE suites and programs as well) instead of getting it
from the passwd file, which is strange. Most are not vulnerable because they
aren't suid, but it still seems to be bad programming, since you can change
the environment from the shell. The only suid programs are klock, kppp, and
the *.kss files. I haven't checked the kss programs for bugs yet, but this
will fix klock.

==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==
David Zhao, UNIX Systems Administrator          Live Free or DIE
Kellogg School of Management
ICQ Internet ID: 7892139
Work Ph: (847) 467-3015   Pager: (847) 205-8674
"Sometimes I think I'm stupid, other times I just am" -- Dennis Kiilerich
=============================================================================
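Added example, not part of the original post and not KDE code: strncpy() with a count equal to the buffer size leaves the buffer unterminated when the source is that long or longer, and getenv() can return NULL, so a bounded copy in a setuid program needs both checks. The sketch below also reads the home directory from the passwd database, as the post suggests; the function names are hypothetical and the 256-byte size is taken from the post.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define BUFSZ 256 /* the size the post passes to strncpy */

/* Bounded copy that always NUL-terminates dst. Returns 0 on success,
 * -1 if src is NULL (e.g. getenv() of an unset variable) or does not fit. */
int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t n;
    if (dst == NULL || dstsz == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    n = strlen(src);
    if (n >= dstsz)
        return -1; /* refuse instead of silently truncating a path */
    memcpy(dst, src, n + 1);
    return 0;
}

/* Home directory of the real uid from the passwd database, not from $HOME. */
int home_from_passwd(char *dst, size_t dstsz)
{
    struct passwd *pw = getpwuid(getuid());
    if (pw == NULL || pw->pw_dir == NULL)
        return -1;
    return copy_bounded(dst, dstsz, pw->pw_dir);
}

/* Returns 1 if strncpy(buf, src, sizeof buf) leaves buf without a NUL
 * for a constructed source string of srclen bytes. */
int strncpy_leaves_unterminated(size_t srclen)
{
    char src[2 * BUFSZ], buf[BUFSZ];
    if (srclen >= sizeof src)
        srclen = sizeof src - 1;
    memset(src, 'A', srclen); /* constructed sample input */
    src[srclen] = '\0';
    memset(buf, 'X', sizeof buf);
    strncpy(buf, src, sizeof buf);
    return memchr(buf, '\0', sizeof buf) == NULL;
}

int main(void)
{
    char home[BUFSZ];
    printf("strncpy, 300-byte source: unterminated=%d\n", strncpy_leaves_unterminated(300));
    printf("passwd home: %s\n", home_from_passwd(home, sizeof home) == 0 ? home : "(unavailable)");
    return 0;
}
```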