
List:       bugtraq
Subject:    
From:       Compte de developpement <devel () MEAT ! PLAGUEZ ! ORG>
Date:       1994-01-02 15:35:09

zgv/svgalib "vulnerability" ?

hello,

I don't really see where the problem with zgv/svgalib is.

There is obviously a buffer overflow with the $HOME
environment variable, but all my attempts to exploit
this failed: svgalib had well dropped root perms
(see below). Any idea ?
(i'm using Redhat 3.0.3, 4.0.0, svgalib 1.2.9)

From vga_init():
     ...
     seteuid(getuid());
     setgid(getegid());
     ...


Sample try:

[devel@plaguez]$ uname -a
Linux plaguez 2.0.30 #7 Sat Jun 21 09:35:21 MET 1997 i486
[devel@plaguez]$ ls -al /usr/bin/zgv
-r-s--x--x   1 root     root        87780 Feb 26  1996 /usr/bin/zgv
[devel@plaguez]$ ./overflow HOME 1124 0 /usr/bin/zgv
bash$




------------------------
   plaguez / libpcap
dube0866@eurobretagne.fr
  http://www.innu.org
------------------------

p.s: i'm looking for a job this summer. Maybe ... ;)
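
Added example, not part of the original message and not svgalib code: seteuid() changes only the effective UID and leaves the real and saved set-user-ID as they were, so a seteuid(getuid()) call like the one quoted from vga_init(), taken by itself, is a drop the process can reverse. The C code below shows a drop that cannot be undone and verifies that it held; the function name drop_privileges_permanently is hypothetical, and POSIX setuid()/setgid() semantics are assumed.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Added example (hypothetical helper, not svgalib code): permanently drop
 * set-ID privileges to the invoking user's real IDs.
 * Returns 0 on success, -1 if the drop failed or could be reversed. */
int drop_privileges_permanently(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: once the UID is dropped the process may no longer be
     * allowed to change its GIDs. With effective UID 0, setgid()/setuid()
     * set the real, effective and saved IDs together. */
    if (setgid(rgid) != 0)
        return -1;
    if (setuid(ruid) != 0)
        return -1;

    /* Verify: if an elevated ID was in effect before, switching back to it
     * must now fail. Success here means a saved ID survived the drop. */
    if (old_egid != rgid && setegid(old_egid) == 0)
        return -1;
    if (old_euid != ruid && seteuid(old_euid) == 0)
        return -1;

    /* Final check on the IDs the process actually runs with. */
    if (getuid() != ruid || geteuid() != ruid ||
        getgid() != rgid || getegid() != rgid)
        return -1;
    return 0;
}

int main(void)
{
    if (drop_privileges_permanently() != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;
    }
    printf("uid=%ld euid=%ld gid=%ld egid=%ld\n", (long)getuid(),
           (long)geteuid(), (long)getgid(), (long)getegid());
    return 0;
}
```

A caller should treat a -1 return as fatal and exit before touching any user-controlled input such as environment variables.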
