Bugtraq mailing list archives
Re: vixie cron possible local root compromise
From: Wolfgang Wieser <wwieser () GMX DE>
Date: Wed, 14 Feb 2001 20:19:28 +0100
Note that the proposed patch... < strcpy(User, pw->pw_name); ---
strncpy(User, pw->pw_name, MAX_UNAME - 1);
does not completely patch the hole. Okay, shellcode will get cut off, but strncpy() does not '\0'-terninate the strings but I saw that the rest of the code (notably the next line strcpy(RealUser, User); ) assumes a standard '\0'-terninated string. So, the patch would be < strcpy(User, pw->pw_name); ---
strncpy(User, pw->pw_name, MAX_UNAME - 1); User[MAX_UNAME-1]='\0';
wwieser
Current thread:
- Re: vixie cron possible local root compromise, (continued)
- Re: vixie cron possible local root compromise Valdis Kletnieks (Feb 14)
- Re: vixie cron possible local root compromise Juergen P. Meier (Feb 15)
- Re: vixie cron possible local root compromise Nelson Brito (Feb 15)
- Re: vixie cron possible local root compromise Alan DeKok (Feb 13)
- Re: vixie cron possible local root compromise gabriel rosenkoetter (Feb 13)
- Re: vixie cron possible local root compromise Robert Bihlmeyer (Feb 15)
- Re: vixie cron possible local root compromise Alfred Perlstein (Feb 13)