Date: Thu, 3 Sep 1998 03:29:01 -0500
From: HD Moore <[email protected]>
To: [email protected]
Subject: More Overflows...

After going over the recent posts concerning the overflows present in
minicom, nslookup, etc, I decided to see what else is vulnerable on my
system. I am running SuSE 5.2 with 64 Mb of EDO RAM and kernel 2.0.35.
Here's what I found...

smbclient   version: 1.9.18p3   Overflow occurs after 8505 characters
compress    version: 4.2.4      Overflow at 1100 characters
elvis       version: 2.0        Lots of fun quirks over 1000-100000;
                                maybe an exploit symlinking with tmp's
lha         version: 1.02       Overflow at >19211

There are many more but I'm too tired to document them. If you have any
questions, I can be reached at [email protected]
The major concern I have is non-privileged users trashing system files
with suid apps, please check ALL your suid's for overflows... Anyways,
Thrill Kill rocked and I'm beat and bloody from the pit, so goodnight.