Re: [exim-dev] exim_dbmbuild buffer overflow

Author: Tom Kistner
Date:
To: alberto barbaro
CC: exim-dev
Subject: Re: [exim-dev] exim_dbmbuild buffer overflow
alberto barbaro wrote:

> sh-2.05b$ echo "a" > a.txt && exim_dbmbuild a.txt `perl -e 'print"A"x5000'`
> Segmentation fault


That proves you can break anything with a large enough hammer.

> Ustrcpy(temp_dbmname, argv[arg+1]);    <--- needs more control


Why?

> Please write me back soon


Why?

(Hint: exim_dbmbuild is not installed setuid, nor is it invoked by a
remote operation).

/tom
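
The unbounded copy quoted in this thread, rewritten with an explicit length check, as an added example that is not part of the original message and is not Exim's own code. The buffer size, the suffix and the helper name `build_temp_name` are assumptions made for illustration; the page gives neither the real size of `temp_dbmname` nor what is appended to it.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size: the thread does not state the real size of temp_dbmname. */
#define TEMP_NAME_SIZE 256
/* Hypothetical suffix appended to form a temporary file name. */
#define TEMP_SUFFIX ".tmp"

/* Hypothetical helper: write base + suffix into dst only if the result,
   including the terminating NUL, fits in dstsize bytes.
   Returns 0 on success, -1 on a missing argument or an over-long name.
   On failure dst holds an empty string, never a truncated name. */
static int build_temp_name(char *dst, size_t dstsize,
                           const char *base, const char *suffix)
{
    size_t blen, slen;

    if (dst == NULL || dstsize == 0) return -1;
    dst[0] = '\0';
    if (base == NULL || suffix == NULL) return -1;

    blen = strlen(base);
    slen = strlen(suffix);
    /* Subtract on the right-hand side so the comparison cannot wrap. */
    if (slen >= dstsize || blen > dstsize - 1 - slen) return -1;

    memcpy(dst, base, blen);
    memcpy(dst + blen, suffix, slen + 1);   /* copies the NUL as well */
    return 0;
}

int main(int argc, char **argv)
{
    char temp_dbmname[TEMP_NAME_SIZE];

    if (argc < 3) {
        fprintf(stderr, "usage: dbmbuild_example <input> <output>\n");
        return 2;
    }
    /* Reject the argument instead of copying it blindly. */
    if (build_temp_name(temp_dbmname, sizeof temp_dbmname,
                        argv[2], TEMP_SUFFIX) != 0) {
        fprintf(stderr, "dbmbuild_example: output file name is too long\n");
        return 1;
    }
    printf("temporary name: %s\n", temp_dbmname);
    return 0;
}
```

Run with a 5000-character second argument, as in the quoted command, this exits with status 1 and an error message rather than a segmentation fault.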