Bugtraq mailing list archives
Re: KDE: /usr/bin/kdesud, gid = 0 exploit
From: chmouel () MANDRAKESOFT COM (Chmouel Boudjnah)
Date: Sun, 28 May 2000 23:38:59 +0200
noir <noir () GSU LINUX ORG TR> writes:
> /usr/bin/kdesud has a DISPLAY environment variable overflow. Tested on Mandrake 7.02 (Air); the exploit will get you gid=0.
Here is the patch:

--- kdesu/kdesud/kdesud.cpp.chmou Sun May 28 23:31:28 2000 +++ kdesu/kdesud/kdesud.cpp Sun May 28 23:31:41 2000 @@ -161,7 +161,8 @@ struct sockaddr_un addr; addr.sun_family = AF_UNIX; - strcpy(addr.sun_path, sock.c_str()); + strncpy(addr.sun_path, sock.c_str(), sizeof(addr.sun_path) - 1); + addr.sun_path[sizeof(addr.sun_path) - 1] = 0; addrlen = SUN_LEN(&addr); if (bind(sockfd, (struct sockaddr *)&addr, addrlen) < 0) { xerror("bind(): %s");

--
MandrakeSoft Inc http://www.mandrakesoft.com
In travel.
--Chmouel
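Review bot: the strncpy plus forced NUL in the hunk stops the stack write, but it silently truncates an over-long sock, so the daemon goes on to bind() a path other than the one it computed instead of failing; add an explicit length check before the copy, e.g. `if (sock.length() >= sizeof(addr.sun_path)) xerror("socket path too long");`, and keep the strncpy only as a belt-and-braces measure. Worth noting in the commit text that sun_path is only 108 bytes on Linux, which is why a path derived from an attacker-supplied DISPLAY (as noir's report implies) overruns it so easily in a setgid binary.

As an added illustration of the bug class, not code from noir's report, from Chmouel's patch or from KDE, the C program below builds a socket path from a DISPLAY value the way a daemon of this kind might (the "/tmp/kdesud_<DISPLAY>" layout and all function names are assumptions) and contrasts three ways of filling sockaddr_un.sun_path: the original unbounded strcpy (only checked, never executed, since it would corrupt the stack), the patch's strncpy-with-forced-NUL, which never overflows but silently truncates, and a version that refuses input that does not fit. The 200-byte DISPLAY is a constructed sample.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Capacity of sun_path on this platform (108 bytes on Linux, 104 on BSDs). */
size_t sun_path_capacity(void)
{
    struct sockaddr_un tmp;
    return sizeof tmp.sun_path;
}

/* Constructed hostile DISPLAY value: 200 bytes of 'A' (an assumption for the demo). */
const char *hostile_display(void)
{
    static char buf[201];
    if (!buf[0]) {
        memset(buf, 'A', 200);
        buf[200] = 0;
    }
    return buf;
}

/* Hypothetical socket-path construction: the daemon keys its socket on DISPLAY,
 * so whoever controls DISPLAY controls the path length. Returns the full length,
 * or -1 when it does not fit in out[] (snprintf reports the would-be length). */
int build_socket_path(const char *display, char *out, size_t outsz)
{
    int n = snprintf(out, outsz, "/tmp/kdesud_%s", display);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return n;
}

/* The original pattern, strcpy(addr.sun_path, path): returns 1 if that copy
 * would write past the end of sun_path. The copy itself is never performed. */
int strcpy_would_overflow(const char *path)
{
    return strlen(path) >= sun_path_capacity();
}

/* The posted patch's approach: strncpy plus a forced NUL. It cannot overflow,
 * but an over-long path is silently cut, so bind() targets a different path.
 * Returns 1 if truncation happened. */
int fill_sockaddr_truncating(struct sockaddr_un *addr, const char *path)
{
    memset(addr, 0, sizeof *addr);
    addr->sun_family = AF_UNIX;
    strncpy(addr->sun_path, path, sizeof(addr->sun_path) - 1);
    addr->sun_path[sizeof(addr->sun_path) - 1] = 0;
    return strcmp(addr->sun_path, path) != 0;
}

/* Stricter alternative: reject anything that does not fit together with its NUL.
 * Returns 0 and sets *addrlen on success, -1 on over-long input. */
int fill_sockaddr_checked(struct sockaddr_un *addr, const char *path, socklen_t *addrlen)
{
    size_t n = strlen(path);
    if (n >= sizeof(addr->sun_path))
        return -1;
    memset(addr, 0, sizeof *addr);
    addr->sun_family = AF_UNIX;
    memcpy(addr->sun_path, path, n + 1);
    *addrlen = (socklen_t)(offsetof(struct sockaddr_un, sun_path) + n + 1);
    return 0;
}

/* Runs all three strategies on one DISPLAY value. Bit 0: strcpy would overflow,
 * bit 1: strncpy truncated, bit 2: checked variant rejected it. -1 if the
 * scratch buffer itself is too small. */
int sun_path_outcome(const char *display)
{
    char path[512];
    struct sockaddr_un addr;
    socklen_t len;
    int flags = 0;

    if (build_socket_path(display, path, sizeof path) < 0)
        return -1;
    if (strcpy_would_overflow(path))
        flags |= 1;
    if (fill_sockaddr_truncating(&addr, path))
        flags |= 2;
    if (fill_sockaddr_checked(&addr, path, &len) < 0)
        flags |= 4;
    return flags;
}

int main(void)
{
    const char *inputs[] = { ":0", hostile_display() };
    for (size_t i = 0; i < 2; i++)
        printf("DISPLAY of %zu bytes (sun_path holds %zu): outcome flags = %d\n",
               strlen(inputs[i]), sun_path_capacity(), sun_path_outcome(inputs[i]));
    return 0;
}
```

With a normal ":0" all three strategies agree (flags 0); with the 200-byte DISPLAY the strcpy form would overflow, the patch's strncpy form silently binds a truncated path, and only the checked form fails closed (flags 7), which is the behaviour a setgid daemon should prefer.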