(no subject)

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Aleph One: "http://www.eden.com/~tfast/jihad.html"
• Previous message: Raymond Dijkxhoorn: "Re: http://www.news.com/News/Item/0,4,11759,00.html"

hello,

i dont really see where the problem with zgv/svgalib is.

There is obviously a buffer overflow with the $HOME
environment variable, but all my attemps to exploit
this failed: svgalib had well dropped root perms
(see below). Any idea ?
(i'm using Redhat 3.0.3, 4.0.0, svgalib 1.2.9)

>From vga_init():
...
seteuid(getuid());
setgid(getegid());
...

Sample try:

[devel@plaguez]$ uname -a
Linux plaguez 2.0.30 #7 Sat Jun 21 09:35:21 MET 1997 i486
[devel@plaguez]$ ls -al /usr/bin/zgv
-r-s--x--x 1 root root 87780 Feb 26 1996 /usr/bin/zgv
[devel@plaguez]$ ./overflow HOME 1124 0 /usr/bin/zgv
bash$

------------------------
plaguez / libpcap
dube0866@eurobretagne.fr
http://www.innu.org
------------------------

p.s: i'm looking for a job this summer. Maybe ... ;)

• Next message: Aleph One: "http://www.eden.com/~tfast/jihad.html"
• Previous message: Raymond Dijkxhoorn: "Re: http://www.news.com/News/Item/0,4,11759,00.html"