The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


PST Linux Advisor--------Dsh-0.24.0 in debian has a home env Buffer Overflow Vulnerability


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: 10 Aug 2003 01:12:27 -0000
From: yan feng <[email protected]>
To: [email protected]
Subject: PST Linux Advisor--------Dsh-0.24.0 in debian has a home env Buffer Overflow Vulnerability




Ph4nt0m Security Advisory #2003--8-10
Dsh-0.24.0 in debian has a home env Buffer Overflow Vulnerability By "jsk" (akun), in ph4nt0m.net(c) Security. E-mail: [email protected] Advisory Number : pst-2003--8-10-004 name : dsh versions : 0.24.0 possible in 0.24.1 Vendor : http://fresh.t-systems-sfr.com/linux/src/dsh- 0.24.0.tar.gz summary : Local&remote os(s) : *nix *************************************************************************** ** Description : the bug should be in debian os&#65292;Successful exploitation could result in arbitrary code execution with potentially elevated privileges. *************************************************************************** ** &#20855;&#20307;&#28431;&#27934;&#65306; *************************************************************************** ** dsh.c main(int ac, char ** av) { char *buf=NULL; setlocale (LC_ALL, ""); if (!textdomain(PACKAGE_NAME)) { if (!bindtextdomain(PACKAGE_NAME, LOCALEDIR)) fprintf (stderr, "%s: failed to call bindtextdomain\n", PACKAGE); } load_configfile(DSH_CONF); if (asprintf (&buf, "%s/.dsh/dsh.conf", getenv("HOME")) < 0).............lol { fprintf (stderr, _("%s: asprintf failed\n"), PACKAGE); exit (1); } load_configfile(buf); free (buf); asprintf&#30340;&#23450;&#20041;&#65306; nt asprintf(char **strp, const char *fmt, ...) { ssize_t buflen = 50 * strlen(fmt); /* pick a number, any number */.............lol *strp = malloc(buflen); if (*strp) { va_list ap; va_start(ap, fmt); vsnprintf(*strp, buflen, fmt, ap);..................................lol va_end(ap); return buflen; } hey: getenv("HOME") >50*strlen(%s/.dsh/dsh.conf) ......buf overflow...... *************************************************************************** ********************** By "jsk" (akun), in ph4nt0m.net(c) Security. E-mail:[email protected] ph4nt0m Security Team: http://www.ph4nt0m.net My World: http://jsk.ph4nt0m.net MY GnuPG Public Key: http://202.119.104.82/webeq/app/jsk/jsk.asc

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру