Bugtraq mailing list archives
Re: Details on the updated namazu packages that are available
From: knok () daionet gr jp (NOKUBI Takatsugu)
Date: Fri, 11 Jan 2002 10:07:52 JST
In article <3C3CCEFE.6080501 () snosoft com> dotslash () snosoft com writes:
> Doh! Looks like I slept on this one too long... here's some of my personal notes on exploiting this issue. Have fun.

Thanks for your report.

> Here is my research on the above issues: There are several buffer overflows in the QUERY_STRING options. Unfortunately the check in namazu.h screws us...

Yes, I had recognized it. So there is a notice about it as the following:

libnamazu.h:

    enum {
        /* Size of general buffers. This MUST be larger than QUERY_MAX */
        BUFSIZE = 1024,
        QUERY_TOKEN_MAX = 32,   /* Max number of tokens in the query. */
        QUERY_MAX = 256,        /* Max length of the query. */
        INDEX_MAX = 64          /* Max number of databases */
    };

.. Oops, it mentions only QUERY_MAX, nothing about CGI_QUERY_MAX. I'll fix it.

> In other words unless you have modified namazu then you are not vuln. Now we can exploit this via the command line as a side note ... although it's not suid...
>
>   [root@linuxppc src]# ./namazu querystring `perl -e 'print "A" x 1024'`
>   Results:
>   References: [ (can't open the index) ]
>   No document matching your query.
>   Aborted (core dumped)

CGI program (namazu.cgi) and command-line program (namazu) are separated, and the command-line program is prohibited from being invoked as CGI. Therefore I think it is not so serious. At all events, I'll fix it in the next release.

Thanks.
--
NOKUBI Takatsugu
E-mail: knok () daionet gr jp
knok () namazu org / knok () debian org
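As an added example (not namazu's code, and not from either poster), here is the kind of length guard the libnamazu.h comment describes, applied to a query before it is copied into a BUFSIZE buffer: the size relation is checked at compile time and over-length input, such as the 1024-byte argument in the thread, is rejected instead of copied. The constant CGI_QUERY_MAX, the function copy_query and its limit parameter are assumptions.

```c
/* Added example, not namazu's code: enforce the "BUFSIZE MUST be larger
 * than QUERY_MAX" rule from libnamazu.h before a query touches a buffer. */
#include <stddef.h>
#include <string.h>

enum {
    BUFSIZE = 1024,       /* size of general buffers, from the page */
    QUERY_MAX = 256,      /* max length of a query, from the page */
    CGI_QUERY_MAX = 256   /* assumed value for the CGI limit the reply says was not covered */
};

/* Compile-time guard: fails to build if either limit reaches BUFSIZE.
 * (Portable array-size trick; C11 _Static_assert does the same.) */
typedef char bufsize_exceeds_query_limits[
    (BUFSIZE > QUERY_MAX && BUFSIZE > CGI_QUERY_MAX) ? 1 : -1];

/* Length of src, but never scanning more than max bytes. */
static size_t bounded_len(const char *src, size_t max)
{
    size_t n = 0;
    while (n < max && src[n] != '\0')
        n++;
    return n;
}

/* Copy a query into a BUFSIZE buffer, rejecting anything longer than limit.
 * Returns 0 on success, -1 if rejected. Never writes past dst[BUFSIZE - 1]
 * and never reads src beyond limit + 1 bytes. */
int copy_query(char dst[BUFSIZE], const char *src, size_t limit)
{
    size_t n;
    if (limit >= BUFSIZE)           /* a limit that would not fit is itself a bug */
        return -1;
    n = bounded_len(src, limit + 1); /* one byte past the limit is enough to decide */
    if (n > limit) {
        dst[0] = '\0';              /* over-length query: leave the buffer empty */
        return -1;
    }
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}
```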
Current thread:
- [RHSA-2001:179-05] Updated namazu packages are available bugzilla (Jan 09)
- Details on the updated namazu packages that are available KF (Jan 10)
- Re: Details on the updated namazu packages that are available NOKUBI Takatsugu (Jan 10)
- Details on the updated namazu packages that are available KF (Jan 10)