Fw: simple kde exploit fix
- From: Jiva DeVoe <jiva devware com>
- To: linux-security redhat com
- Subject: Fw: simple kde exploit fix
- Date: Sun, 17 May 1998 16:08:53 -0700
And, here's a fix.
-----Original Message-----
From: David Zhao <dzhao LURK KELLOGG NWU EDU>
To: BUGTRAQ NETSPACE ORG <BUGTRAQ NETSPACE ORG>
Date: Sunday, May 17, 1998 3:00 PM
Subject: simple kde exploit fix
>in kdebase/kscreensaver/kscreensave.cpp:
>
>change:
>line 18: strcpy( buffer, getenv("HOME") );
> to
> strncpy( buffer, getenv("HOME"), 256);
>
>and
>line 34: strcpy( buffer, KApplication::kde_bindir() );
> to
> strncpy( buffer, KApplication::kde_bindir(), 256 );
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> This one probably isn't crucial, but it's good programming anyway
>
>this fixes the exploit given and is a classic stack overflow exploit, the
>thing is KDE uses the getenv function multiple times to get the home
>directory (in other kde suites and programs as well) instead of getting it
>from the passwd file, strange. Most are not vulnerable cause they aren't
>suid, but it still seems to be bad programming since you can change the
>environment from the shell. The only suid programs are klock, kppp, and
>the *.kss files, I haven't checked the kss programs for bugs yet, but this
>will fix the klock.
>
>==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==
>| David Zhao UNIX Systems Administrator | Live Free or DIE |
>| Kellogg School of Management | | | |\ | | \ / |
>| ICQ Internet ID: 7892139 | | | | \ | | X |
>| Work Ph: (847) 467-3015 Pager: (847) 205-8674 | |_| | \| | / \ |
>|
>| "Sometimes I think I'm stupid, other times I just am"|
>| -- Dennis Kiilerich
>=============================================================================
>
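An added example, not part of the original post or of KDE's code: the posted strncpy() call bounds the copy, but it leaves the buffer without a terminating NUL when HOME is 256 bytes or longer, and getenv() returns NULL when the variable is unset. The 256-byte buffer size, the helper names and the sample values are assumptions made for this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 256   /* assumption: the post does not give buffer's size */

static char buffer[BUF_SIZE];

/* Copy exactly as posted. strncpy() stops at BUF_SIZE bytes but writes no
 * terminator when src is that long or longer.
 * Returns 1 if buffer is NUL-terminated afterwards, 0 if it is not. */
int posted_copy_terminated(const char *src)
{
    memset(buffer, 'x', sizeof buffer);      /* stand-in for stale stack data */
    strncpy(buffer, src, BUF_SIZE);
    return memchr(buffer, '\0', sizeof buffer) != NULL;
}

/* Hardened variant (hypothetical helper): an unset or oversized value is
 * rejected, not truncated. Returns 0 on success, -1 on rejection. */
int copy_env_path(char *dst, size_t dstsz, const char *src)
{
    size_t len;

    if (dst == NULL || dstsz == 0)
        return -1;
    dst[0] = '\0';                           /* never leave dst unterminated */
    if (src == NULL)                         /* getenv() found no such variable */
        return -1;
    len = strlen(src);
    if (len >= dstsz)                        /* no room for the terminator */
        return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

/* Constructed input: a 299-character value, longer than the buffer. */
const char *constructed_long_home(void)
{
    static char value[300];
    memset(value, 'A', sizeof value - 1);
    value[sizeof value - 1] = '\0';
    return value;
}

int main(void)
{
    printf("posted copy, long HOME, terminated: %d\n",
           posted_copy_terminated(constructed_long_home()));
    printf("hardened copy, long HOME:           %d\n",
           copy_env_path(buffer, sizeof buffer, constructed_long_home()));
    printf("hardened copy, current HOME:        %d\n",
           copy_env_path(buffer, sizeof buffer, getenv("HOME")));
    return 0;
}
```

Any later strlen(), strcat() or printf("%s") on the unterminated buffer reads past its end, so the bounded copy still needs an explicit terminator or a length check like the one in copy_env_path().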