Vulnerability Development mailing list archives
Re: slocate bug.
From: Guilherme Mesquita <guy () nh conex com br>
Date: Fri, 15 Feb 2002 23:46:03 -0200
Hey there, Ok just hold on: What would be the advantages of exploiting something which would spawn the "slocate" group privileges? Maybe browsing users' directories? No root yet... -- mips On Fri, 15 Feb 2002 11:10:00 -0200 Rodrigo Barbosa <rodrigob () tisbrasil com br> wrote:
On Thu, Feb 14, 2002 at 11:39:17AM -0500, KF wrote:Heres the details on Mandrake LinuxHere are on Conectiva Linux[elguapo@linux elguapo]$ ls -al `which slocate` -rwxr-sr-x 2 root slocate 24956 Apr 6 2001 /usr/bin/slocate*frodo [/home/rodrigob] > ls -al `which slocate` -rwxr-sr-x 1 root slocate 32300 Jan 23 15:13 /usr/bin/slocate[elguapo@linux elguapo]$ uname -a Linux linux.ckfr.com 2.4.3-20mdk #1 Sun Apr 15 23:03:10 CEST 2001 i686 unknownfrodo [/home/rodrigob] > uname -a Linux frodo.bh.tisbrasil 2.4.17-13cl #1 Fri Feb 1 18:33:09 BRST 2002 i686 unknown[elguapo@linux elguapo]$ cat /etc/redhat-release Linux Mandrake release 8.0 (Traktopel) for i586frodo [/home/rodrigob] > cat /etc/conectiva-release Conectiva Linux BETA (RdL) (Note: This is the snapshot version)[elguapo@linux elguapo]$ slocate -r `perl -e 'print "A" x 65026'` Segmentation faultfrodo [/home/rodrigob] > slocate -r `perl -e 'print "A" x 65026'` fatal error: error: slocate: regular expression: Regular expression too big#0 0x400eeb69 in regerror () from /lib/libc.so.6 #1 0x0804aa99 in strcpy ()This looks like a bug I fixed on Aug 2000 (and sent back to the maintainer) * Wed Aug 23 2000 Rodrigo Barbosa <rodrigob () conectiva com> - Improved patch for glibc >= 2.1.90 - Fixed buffer overflow on misc.c:load_file -- Rodrigo Barbosa - rodrigob at tisbrasil.com.br TIS - Belo Horizonte, MG, Brazil "Quis custodiet ipsos custodiet?" - http://www.tisbrasil.com.br/ Brainbench Certified -> Transcript ID #3332104
Current thread:
- slocate bug. Ehud Tenenbaum (Feb 14)
- Re: slocate bug. KF (Feb 14)
- Re: slocate bug. Rodrigo Barbosa (Feb 15)
- Re: slocate bug. Guilherme Mesquita (Feb 15)
- Re: slocate bug. Kurt Seifried (Feb 16)
- Re: slocate bug. Larry W. Cashdollar (Feb 16)
- Re: slocate bug. Kurt Seifried (Feb 16)
- Re: slocate bug. Larry W. Cashdollar (Feb 16)
- Re: slocate bug. Larry W. Cashdollar (Feb 17)
- Re: slocate bug. Rodrigo Barbosa (Feb 21)
- Re: slocate bug. Rodrigo Barbosa (Feb 21)
- Re: slocate bug. Rodrigo Barbosa (Feb 15)
- Re: slocate bug. KF (Feb 14)
- <Possible follow-ups>
- Re: slocate bug. jaytee () email it (Feb 14)
- Re: slocate bug. Wodahs Latigid (Feb 15)