thr3ads.net - linux security - Security hole in Elm... [May 1997]

If this information is useful, please help other people find it:
Share via:

Marcin Bohosiewicz

1997-May-14 07:58 UTC

Security hole in Elm...

>---------- Forwarded message ----------
>Date: Tue, 13 May 1997 21:18:33 +0200
>From: Wojciech Swieboda <wojtek@ajax.umcs.lublin.pl>
>To: BUGTRAQ@NETSPACE.ORG
>
>Hello,
>        I''ve lately found an overflow vulnerability in Elm (Elm is
setgid
>mail on linux, and perhaps on some other platforms aswell). I''ve
tested
>this bug on versions 2.3 and 2.4, on 3 different Linux installations.
>from Elm 2.3''s curses.c:
>[...]
>        char termname[40];
>        char *strcpy(), *getenv();
>
>        if (getenv("TERM") == NULL) return(-1);
>
>        if (strcpy(termname, getenv("TERM")) == NULL)
>                return(-1);
>[...]
>to patch, change the strcpy line to
>        if (strncpy(termname, getenv("TERM"), sizeof(termname)) ==
NULL)
>
>lame exploit for linux included below (works from time to time):[exploit was here]

Elm without this bug is now available from:
ftp://venus.wis.pk.edu.pl/pub/RPMS/elm-2.4.25-8.i386.rpm
ftp://venus.wis.pk.edu.pl/pub/SRPMS/elm-2.4.25-8.src.rpm

M.

-| == Marcin Bohosiewicz            marcus@venus.wis.pk.edu.pl == |-
-| == tel. +048 (0-12) 37-44-99     marcus@krakow.linux.org.pl == |-
-| == Strona Domowa    -    http://venus.wis.pk.edu.pl/marcus/ == |-

Reasonably Related Threads

Search for more maybe matching threads

linux security - May 1997 - Security hole in Elm...

Security hole in Elm...

Reasonably Related Threads

Wisdom of the Ancients