BugTraq
Back to list
|
Post reply
Buffer Overflow in uucp of SunOS 5.8
Jan 13 2003 07:08PM
hipnosis hipnosis (hipnosis softhome net)
Hi everybody
Though I dont know if this vulnerability has be discovered previously I
found a buffer overflow in the app uucp of SunOS 5.8 that it could be used
to get privileges of uucp.
Buffer is overflow when the app uucp is executed with the parameter -s
continued of a string bigger than 7525 bytes.
hipnosis% uucp -s `perl -e 'print "A"x7526'`
Segmentation Fault
hipnosis% uucp -s `perl -e 'print "A"x7525'`
hipnosis%
I have not been able to debug the app for see if the registers are
overwrites because i have not any debugger in my machine and i have not
too time.
My system:
hipnosis% uname -a
SunOS averroes 5.8 Generic_108528-03 sun4u sparc SUNW,Ultra-250
hipnosis%
Suid:
hipnosis% ls -l /usr/bin/uucp
---s--x--x 1 uucp uucp 66940 eno 5 2000 /usr/bin/uucp
hipnosis%
Well, bye everybody
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Hi everybody
Though I dont know if this vulnerability has be discovered previously I
found a buffer overflow in the app uucp of SunOS 5.8 that it could be used
to get privileges of uucp.
Buffer is overflow when the app uucp is executed with the parameter -s
continued of a string bigger than 7525 bytes.
hipnosis% uucp -s `perl -e 'print "A"x7526'`
Segmentation Fault
hipnosis% uucp -s `perl -e 'print "A"x7525'`
hipnosis%
I have not been able to debug the app for see if the registers are
overwrites because i have not any debugger in my machine and i have not
too time.
My system:
hipnosis% uname -a
SunOS averroes 5.8 Generic_108528-03 sun4u sparc SUNW,Ultra-250
hipnosis%
Suid:
hipnosis% ls -l /usr/bin/uucp
---s--x--x 1 uucp uucp 66940 eno 5 2000 /usr/bin/uucp
hipnosis%
Well, bye everybody
[ reply ]