Re: slocate bug.
From: Guilherme Mesquita (guy@nh.conex.com.br)
Date: 02/16/02
- Previous message: B.K. DeLong: "Black Hat Briefings (Vegas) Call for Papers"
- In reply to: Rodrigo Barbosa: "Re: slocate bug."
- Next in thread: Kurt Seifried: "Re: slocate bug."
- Next in thread: John Adair: "RE: slocate bug."
- Reply: Kurt Seifried: "Re: slocate bug."
Date: Fri, 15 Feb 2002 23:46:03 -0200
From: Guilherme Mesquita <guy@nh.conex.com.br>
To: Rodrigo Barbosa <rodrigob@tisbrasil.com.br>
Hey there,
Ok just hold on:
What would be the advantages of exploiting something which would spawn the "slocate" group privileges? Maybe browsing users' directories? No root yet...
-- mips
On Fri, 15 Feb 2002 11:10:00 -0200
Rodrigo Barbosa <rodrigob@tisbrasil.com.br> wrote:
> On Thu, Feb 14, 2002 at 11:39:17AM -0500, KF wrote:
> > Here's the details on Mandrake Linux
> Here are on Conectiva Linux
>
> > [elguapo@linux elguapo]$ ls -al `which slocate`
> > -rwxr-sr-x 2 root slocate 24956 Apr 6 2001 /usr/bin/slocate*
>
> frodo [/home/rodrigob] > ls -al `which slocate`
> -rwxr-sr-x 1 root slocate 32300 Jan 23 15:13 /usr/bin/slocate
>
> > [elguapo@linux elguapo]$ uname -a
> > Linux linux.ckfr.com 2.4.3-20mdk #1 Sun Apr 15 23:03:10 CEST 2001 i686 unknown
>
> frodo [/home/rodrigob] > uname -a
> Linux frodo.bh.tisbrasil 2.4.17-13cl #1 Fri Feb 1 18:33:09 BRST 2002 i686 unknown
>
> > [elguapo@linux elguapo]$ cat /etc/redhat-release
> > Linux Mandrake release 8.0 (Traktopel) for i586
>
> frodo [/home/rodrigob] > cat /etc/conectiva-release
> Conectiva Linux BETA (RdL)
>
> (Note: This is the snapshot version)
>
> > [elguapo@linux elguapo]$ slocate -r `perl -e 'print "A" x 65026'`
> > Segmentation fault
>
> frodo [/home/rodrigob] > slocate -r `perl -e 'print "A" x 65026'`
> fatal error: error: slocate: regular expression: Regular expression too big
>
> > #0 0x400eeb69 in regerror () from /lib/libc.so.6
> > #1 0x0804aa99 in strcpy ()
>
> This looks like a bug I fixed on Aug 2000 (and sent back to the maintainer)
>
> * Wed Aug 23 2000 Rodrigo Barbosa <rodrigob@conectiva.com>
>
> - Improved patch for glibc >= 2.1.90
> - Fixed buffer overflow on misc.c:load_file
>
> --
> Rodrigo Barbosa - rodrigob at tisbrasil.com.br
> TIS - Belo Horizonte, MG, Brazil
> "Quis custodiet ipsos custodiet?" - http://www.tisbrasil.com.br/
> Brainbench Certified -> Transcript ID #3332104
>
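
The backtrace quoted above ends in regerror and strcpy after an oversized pattern is passed to `slocate -r`. As an added example (not slocate's code and not the fix named in the changelog), here is one defensive way for a C program to accept an untrusted pattern: cap its length and size the error buffer from regerror itself. `compile_untrusted` and `MAX_PATTERN_LEN` are hypothetical names, and the 4096 limit is an assumed policy value.

```c
#define _POSIX_C_SOURCE 200809L
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PATTERN_LEN 4096  /* assumed policy limit, not a value from slocate */

/* Compile an untrusted pattern. Returns 0 on success. On failure returns a
 * nonzero code and sets *errmsg to a heap-allocated message (caller frees). */
int compile_untrusted(regex_t *re, const char *pattern, char **errmsg)
{
    *errmsg = NULL;
    /* Reject oversized input before it reaches the regex engine. */
    if (strnlen(pattern, MAX_PATTERN_LEN + 1) > MAX_PATTERN_LEN) {
        *errmsg = strdup("pattern exceeds length limit");
        return -1;
    }
    int rc = regcomp(re, pattern, REG_EXTENDED | REG_NOSUB);
    if (rc != 0) {
        /* With a zero-size buffer regerror only reports the space needed
         * (including the NUL), so the message is never copied unbounded. */
        size_t need = regerror(rc, re, NULL, 0);
        *errmsg = malloc(need);
        if (*errmsg != NULL)
            regerror(rc, re, *errmsg, need);
        return rc;
    }
    return 0;
}

int main(int argc, char **argv)
{
    regex_t re;
    char *msg;
    const char *pattern = argc > 1 ? argv[1] : "^/usr/bin/"; /* constructed sample */
    int rc = compile_untrusted(&re, pattern, &msg);
    if (rc != 0) {
        fprintf(stderr, "bad pattern: %s\n", msg ? msg : "(out of memory)");
        free(msg);
        return 1;
    }
    puts("pattern accepted");
    regfree(&re);
    return 0;
}
```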