lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 06 Aug 2004 16:05:47 -0400
From: Valdis.Kletnieks@...edu
To: Josh Martin <skizzles@...il.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: GNU/Linux 'info Buffer Overflow

On Fri, 06 Aug 2004 00:46:21 -0000, Josh Martin <skizzles@...il.com>  said:

> Package: info
> Version: 4.7-2.1
> Severity: grave
> Tags: security
> Justification: user security hole

> This buffer overflow is very trivial to leverage as there are several
> bytes available (10-15+).  It may be possible that arbitary system calls
> could be made though this hole. It is also possible to leverage this
> from the command line using the --restore=FILENAME flag, and need not
> have the program running.  Although it is not running as suid, or as a
> daemon, in a case where info is being used as a public service, it may
> be a security problem.

Well.. it may be a problem if you can convince root (or somebody else not
yourself) to go to an 'info' page and enter 'f' and 225 bytes and hit return,
or to convince root to run a 'info --restore=' command.  Barring that,
I'm failing to see how it's a "grave" severity - unless there's a way to leverage
it or social-engineer it that I'm missing, if this is "grave" then *every* bug that
results in a SIGSEGV is grave.....

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ