[linux-security] Re: Re: so-called snprintf() in db-1.85.4

Aleph One (aleph1@DFW.NET)
Thu, 10 Jul 1997 07:32:06 -0500

---------- Forwarded message ----------
Date: Wed, 9 Jul 1997 11:20:08 -0400 (EDT)
From: Illuminati Primus <vermont@gate.net>
To: Hal DeVore <hdevore@bmc.com>
Cc: Thomas Roessler <roessler@guug.de>, linux-security@redhat.com
Subject: [linux-security] Re: Re: so-called snprintf() in db-1.85.4

ldd /usr/sbin/sendmail
libgdbm.so.1 => /lib/libgdbm.so.1
libdb.so.1 => /usr/lib/libdb.so.1
libc.so.5 => /lib/libc.so.5

Does this mean that all occurrences of snprintf in my sendmail are now
susceptible to overflows? Or might the order of the links to the
libraries override libdb's snprintf with the libc version? I am unsure
about how symbols are loaded from libraries...

[mod: I'd vote "YES", sendmail is vulnerable. Strings on
/usr/sbin/sendmail gives "snprintf", quite close to the string
"libdb.so.2.0.0". The order of the links works as it should when
special libraries (like libdb) can override the default (in libc) -- REW]

Thanks for any info,
-vermont@gate.net

On Wed, 9 Jul 1997, Hal DeVore wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
>
>
> roessler@guug.de wrote:
> > There is a severe problem with the db-1.85.4 library's Linux port
>
> I just ran nm on my libdb.a and found:
>
> snprintf.o:
> 00000000 t gcc2_compiled.
> 00000000 T snprintf
> 00000014 T vsnprintf
> U vsprintf
>
> Without looking at the code I'd bet that the vsnprintf function supplied
> in this library similarly turns into a vsprintf.
>
> Hal
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3a
> Charset: noconv
>
> iQCVAwUBM8OG50Zrb8SDJ8hxAQE77wP/a10vOmulKy3hOcG9bqwBA64m7OEejqv7
> 7CiRGcRepHyowVMHvp2P7pITCYohGxpEweljnA4iqHy8WG68No8pK2YOjp7RDLda
> WcS+CvImoLX7gBZK3LBQpmWqtrHfwO/I3QaqfietW93mG0PPrysRGhUNi94+MKB5
> 4SUgslHA42U=
> =AkPG
> -----END PGP SIGNATURE-----
>
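An added example, not part of the thread above: the nm output Hal posted shows libdb's snprintf.o defining both snprintf and vsnprintf while referencing only vsprintf, which is what you see when an snprintf has been "ported" by forwarding to vsprintf and dropping the size argument. The code below models that (it is a reconstruction based on the nm listing, not db-1.85.4's actual source) next to a real bounded snprintf, and wraps both in a guard-byte probe: format a string longer than the declared size and see whether the bytes past the window survive. The same probe, compiled and linked with -ldb in the order sendmail uses, answers vermont's question directly, because the ELF dynamic linker binds each undefined symbol to the first loaded object that defines it, so a libdb listed ahead of libc in ldd output supplies snprintf to every caller in the process. All function names here are the example's own.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/*
 * Model of the db-1.85.4 snprintf.o in the quoted nm output:
 *   T snprintf, T vsnprintf, U vsprintf
 * i.e. snprintf -> vsnprintf -> vsprintf with the bound discarded.
 * This is an assumed reconstruction, not the library's real code.
 */
static int db_style_vsnprintf(char *buf, size_t n, const char *fmt, va_list ap)
{
    (void)n;                        /* the size argument is never consulted */
    return vsprintf(buf, fmt, ap);  /* unbounded write into buf */
}

static int db_style_snprintf(char *buf, size_t n, const char *fmt, ...)
{
    va_list ap;
    int r;

    va_start(ap, fmt);
    r = db_style_vsnprintf(buf, n, fmt, ap);
    va_end(ap);
    return r;
}

#define WINDOW 8            /* size passed to snprintf */
#define GUARD_BYTE 'G'

/* Long enough to overrun WINDOW, short enough to stay inside the 32-byte buffer. */
static const char *const probe_input = "0123456789ABCDEF";   /* constructed test string */

/* 1 if every byte after the WINDOW-byte slot is still the guard value, else 0. */
static int guard_intact(const char *buf, size_t len)
{
    for (size_t i = WINDOW; i < len; i++)
        if (buf[i] != GUARD_BYTE)
            return 0;
    return 1;
}

/* Probe the db-style (modelled) snprintf: expected 0, the guard is clobbered. */
int db_style_snprintf_is_bounded(void)
{
    char buf[32];

    memset(buf, GUARD_BYTE, sizeof buf);
    db_style_snprintf(buf, WINDOW, "%s", probe_input);
    return guard_intact(buf, sizeof buf);
}

/*
 * Probe whatever snprintf this binary actually got from its libraries.
 * Link this file the same way sendmail is linked (e.g. with -ldb) and the
 * result tells you which snprintf the dynamic linker resolved.
 */
int linked_snprintf_is_bounded(void)
{
    char buf[32];

    memset(buf, GUARD_BYTE, sizeof buf);
    snprintf(buf, WINDOW, "%s", probe_input);   /* bounded libc: writes 7 chars + NUL */
    return guard_intact(buf, sizeof buf);
}

int main(void)
{
    printf("db-style snprintf honours its size argument: %s\n",
           db_style_snprintf_is_bounded() ? "yes" : "NO (overflow)");
    printf("linked snprintf honours its size argument:   %s\n",
           linked_snprintf_is_bounded() ? "yes" : "NO (overflow)");
    return 0;
}
```

Against a plain libc the second line reports "yes"; linked against a libdb carrying the snprintf.o from the nm listing, and with libdb ahead of libc in the link order, it should report "NO", which is the practical confirmation that the moderator's "YES, sendmail is vulnerable" applies to your build. The static tell remains the one Hal used: an object that exports snprintf and vsnprintf but imports only vsprintf has no way to enforce the bound.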