[36007] in bugtraq


Re: GNU/Linux 'info Buffer Overflow

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Fri Aug 6 17:41:02 2004

Message-Id: <200408062005.i76K5l8P013287@turing-police.cc.vt.edu>
To: Josh Martin <skizzles@gmail.com>
Cc: bugtraq@securityfocus.com
In-Reply-To: Your message of "Fri, 06 Aug 2004 00:46:21 -0000."
             <20040806004621.25110.qmail@www.securityfocus.com> 
From: Valdis.Kletnieks@vt.edu
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_1909289544P";
	 micalg=pgp-sha1; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Fri, 06 Aug 2004 16:05:47 -0400

--==_Exmh_1909289544P
Content-Type: text/plain; charset=us-ascii

On Fri, 06 Aug 2004 00:46:21 -0000, Josh Martin <skizzles@gmail.com> said:

> Package: info
> Version: 4.7-2.1
> Severity: grave
> Tags: security
> Justification: user security hole

> This buffer overflow is very trivial to leverage as there are several
> bytes available (10-15+).  It may be possible that arbitrary system calls
> could be made through this hole. It is also possible to leverage this
> from the command line using the --restore=FILENAME flag, and need not
> have the program running.  Although it is not running as suid, or as a
> daemon, in a case where info is being used as a public service, it may
> be a security problem.

Well.. it may be a problem if you can convince root (or somebody else not
yourself) to go to an 'info' page and enter 'f' and 225 bytes and hit return,
or to convince root to run an 'info --restore=' command.  Barring that,
I'm failing to see how it's a "grave" severity - unless there's a way to leverage
it or social-engineer it that I'm missing, if this is "grave" then *every* bug that
results in a SIGSEGV is grave.....

--==_Exmh_1909289544P
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001

iD8DBQFBE+SacC3lWbTT17ARAogRAJ0VsQtpc/orpBZYLtZqHXAcHsDJ9ACfdvkY
x4Ct7xCboHvn+PpwQDy4nQQ=
=Bg7f
-----END PGP SIGNATURE-----

--==_Exmh_1909289544P--
