(no subject)

Compte de developpement (devel@MEAT.PLAGUEZ.ORG)
Sun, 02 Jan 1994 15:35:09 +0100

zgv/svgalib "vulnerability" ?

hello,

i don't really see where the problem with zgv/svgalib is.

There is obviously a buffer overflow with the $HOME
environment variable, but all my attempts to exploit
this failed: svgalib had well dropped root perms
(see below). Any idea ?
(i'm using Redhat 3.0.3, 4.0.0, svgalib 1.2.9)

From vga_init():
...
seteuid(getuid());
setgid(getegid());
...

Sample try:

[devel@plaguez]$ uname -a
Linux plaguez 2.0.30 #7 Sat Jun 21 09:35:21 MET 1997 i486
[devel@plaguez]$ ls -al /usr/bin/zgv
-r-s--x--x 1 root root 87780 Feb 26 1996 /usr/bin/zgv
[devel@plaguez]$ ./overflow HOME 1124 0 /usr/bin/zgv
bash$

------------------------
plaguez / libpcap
dube0866@eurobretagne.fr
http://www.innu.org
------------------------

p.s: i'm looking for a job this summer. Maybe ... ;)
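
The vga_init() excerpt quoted in the message above calls seteuid(), which changes only the effective user ID; in a set-user-ID program the saved set-user-ID keeps the file owner's value. As an added example (not from the original post or from svgalib), this is one way to drop to the invoking user's IDs permanently on Linux and verify the result. The function names are hypothetical, and supplementary groups are assumed to already be the invoking user's own.

```c
/* Added example: permanent privilege drop for a set-user-ID program (Linux). */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Linux-specific calls; glibc declares them only under _GNU_SOURCE,
 * so they are declared here explicitly. */
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid);
int setresuid(uid_t ruid, uid_t euid, uid_t suid);
int setresgid(gid_t rgid, gid_t egid, gid_t sgid);

/* Returns 1 when real, effective and saved IDs all match, i.e. there is
 * no other ID left for the process to switch back to. */
int ids_fully_dropped(void)
{
    uid_t ru, eu, su;
    gid_t rg, eg, sg;

    if (getresuid(&ru, &eu, &su) != 0 || getresgid(&rg, &eg, &sg) != 0)
        return 0;
    return ru == eu && eu == su && rg == eg && eg == sg;
}

/* Drop to the invoking user's IDs for good. Group IDs go first: once the
 * user ID is unprivileged the process may no longer change its groups. */
int drop_privileges_permanently(void)
{
    uid_t uid = getuid();   /* real IDs = the user who ran the program */
    gid_t gid = getgid();

    if (setresgid(gid, gid, gid) != 0)
        return -1;
    if (setresuid(uid, uid, uid) != 0)
        return -1;
    /* Verify the state instead of trusting the return codes alone. */
    return ids_fully_dropped() ? 0 : -1;
}

int main(void)
{
    uid_t ru, eu, su;

    if (drop_privileges_permanently() != 0) {
        perror("drop_privileges_permanently");
        return 1;   /* never continue with privileges still held */
    }
    getresuid(&ru, &eu, &su);
    printf("ruid=%d euid=%d suid=%d\n", (int)ru, (int)eu, (int)su);
    return 0;
}
```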