Bugtraq mailing list archives
Re: SunOS 5.6 (X86) lpset vulnerability
From: hso () UEN ORG (Holt Sorenson)
Date: Thu, 13 May 1999 12:16:31 -0600
--y0ulUmNC+osPPQO6 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable On Tue, May 11, 1999 at 11:43:46AM +0900, kim yong-jun homepage=3Dce.hannam= .ac.kr/~s96192 wrote:
This is my second post to ButTraq. If this is old, I'm sorry. =20 =20 It's buffer overflow in "/usr/bin/lpset". =20 View this command : [loveyou@/] % /usr/bin/lpset -a key=3D`perl -e 'print "x" x 1006'` lovey=
ou
=20 [loveyou@/] % /usr/bin/lpset -a key=3D`perl -e 'print "x" x 1007'` lovey=
ou
Segmentation fault
This is also present on 2.6 sparc and on 2.7 sparc: Thu May 13 12:11:59 host1 ~ 294 $ uname -a SunOS host1 5.7 Generic_106541-01 sun4u sparc SUNW,Ultra-1 Thu May 13 12:12:10 host1 ~ 292 $ /usr/bin/lpset -a key=3D`perl -e 'print "x" x 1011'` alpr Segmentation Fault [host2] /home/user 131 > uname -a SunOS host2 5.6 Generic_105181-13 sun4u sparc SUNW,Ultra-1 [host2] /home/user 131 > /usr/bin/lpset -a \=20 key=3D`perl -e 'print "x" x 1011'` alpr Segmentation Fault --=20 Holt Sorenson hso () uen org http://www.uen.org/staff/hso PGP key id 0x4557CBD3 11/17/97 (DSS/Diffie-Hellman) PGP key fingerprint "EED8 93AF 9A77 8A7A A7DB 5041 B7E1 47BA 4557 CBD3" --y0ulUmNC+osPPQO6 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0 for non-commercial use MessageID: Pn1JqDCrNx3tW9CNvcQ3UvmckkC4uiBI iQA/AwUBNzsI7rfhR7pFV8vTEQJmgQCguofjWX3V8tdw0x7xYjdmMWLJ2X0AoONo Wb4OoKYf2ry8dkVPhRjkuJxw =pjyt -----END PGP SIGNATURE----- --y0ulUmNC+osPPQO6--
Current thread:
- SunOS 5.6 (X86) lpset vulnerability kim yong-jun homepage=ce.hannam.ac.kr/~s96192 (May 10)
- Re: SunOS 5.6 (X86) lpset vulnerability Craig Johnston (May 11)
- Re: SunOS 5.6 (X86) lpset vulnerability Sam Carter (May 13)
- - J.J.F. / Hackers Team warns for SSHD 2.x brute force password Patrick Oonk (May 13)
- Re: SunOS 5.6 (X86) lpset vulnerability Holt Sorenson (May 13)
- SYN floods against FreeBSD Richard Steenbergen (May 13)
- <Possible follow-ups>
- Re: SunOS 5.6 (X86) lpset vulnerability James Edwards (May 13)
- Re: SunOS 5.6 (X86) lpset vulnerability Michael Dooley (May 17)