[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: shotgun-1.1b buffer overflow(s)
From: PLaGuEZ <dube0866 () EUROBRETAGNE ! FR>
Date: 1994-01-01 13:52:01
[Download RAW message or body]
hello,
for those who dont have time to read README files, here is a piece of
advise about a svgalib-based (=suid root) linux file manager called
shotgun (release 1.1b, found on sunsite; is there a newer one ?).
The author writes in this readme file that bound checks are to be
done... Actually, this code badly needs those bound checks ! There
are more than 10 buffer overflows in the code, all while root perms
haven't been dropped, as required by svgalib.
I dont include any exploit, but they're really trivial and are a good
start for those interested in buffer overflows.
laters,
plaguez
------------------------
plaguez / libpcap
dube0866@eurobretagne.fr
www.innu.org
------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic