And, here's a fix.
-----Original Message-----
From: David Zhao <dzhao@LURK.KELLOGG.NWU.EDU>
To: BUGTRAQ@NETSPACE.ORG <BUGTRAQ@NETSPACE.ORG>
Date: Sunday, May 17, 1998 3:00 PM
Subject: simple kde exploit fix
>in kdebase/kscreensaver/kscreensave.cpp:
>
>change:
>line 18: strcpy( buffer, getenv("HOME") );
> to
> strncpy( buffer, getenv("HOME"), 256);
>
>and
>line 34: strcpy( buffer, KApplication::kde_bindir() );
> to
> strncpy( buffer, KApplication::kde_bindir(), 256 );
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> This one probably isn't crucial, but it's good programming anyway
>
>this fixes the exploit given and is a classic stack overflow exploit, the
>thing is KDE uses the getenv function multiple times to get the home
>directory (in other kde suites and programs as well) instead of getting it
>from the passwd file, strange. Most are not vulnerable cause they aren't
>suid, but it still seems to be bad programming since you can change the
>environment from the shell. The only suid programs are klock, kppp, and
>the *.kss files, I haven't checked the kss programs for bugs yet, but this
>will fix the klock.
>
>==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-
>| David Zhao, UNIX Systems Administrator | Kellogg School of Management | Live Free or DIE
>| ICQ Internet ID: 7892139 | Work Ph: (847) 467-3015 | Pager: (847) 205-8674
>| "Sometimes I think I'm stupid, other times I just am" -- Dennis Kiilerich
>===========================================================================
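The two one-line replacements quoted above still leave two failure modes a reviewer would want handled: getenv("HOME") can return NULL, and strncpy() does not NUL-terminate the destination when the source fills the whole buffer. The following is an added example, not code from the post or from KDE; it assumes the 256-byte buffer the post implies, and the function names are hypothetical.

```c
/* Added example (not from the Bugtraq post or the KDE source): shows why
 * strncpy(buffer, getenv("HOME"), 256) is an incomplete fix and gives a
 * bounded copy that handles both failure modes. Assumes a 256-byte buffer. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define BUFSZ 256   /* assumed size of the screensaver's buffer */

/* Hypothetical replacement for the two strcpy() calls in the post.
 * Returns 1 on success, 0 if src is NULL (getenv failure) or does not fit.
 * buf is always NUL-terminated, and empty on failure. */
int copy_bounded(char *buf, size_t bufsz, const char *src)
{
    if (bufsz == 0) return 0;
    buf[0] = '\0';
    if (src == NULL) return 0;           /* getenv("HOME") may return NULL */
    size_t len = strlen(src);
    if (len >= bufsz) return 0;          /* would overflow: reject, do not truncate */
    memcpy(buf, src, len + 1);           /* copies the terminator too */
    return 1;
}

/* The strncpy pitfall: if src has bufsz or more bytes, no NUL is written.
 * Returns 1 if buf ends up terminated, 0 if it does not. */
int strncpy_terminates(char *buf, size_t bufsz, const char *src)
{
    memset(buf, 'X', bufsz);             /* make a missing NUL visible */
    strncpy(buf, src, bufsz);
    return memchr(buf, '\0', bufsz) != NULL;
}

/* Reads HOME into a fixed buffer the way the screensaver code does, safely. */
int home_into_buffer(char *buf, size_t bufsz)
{
    return copy_bounded(buf, bufsz, getenv("HOME"));
}

int main(void)
{
    char buf[BUFSZ], longsrc[BUFSZ + 8];  /* constructed oversized input */
    memset(longsrc, 'A', sizeof longsrc - 1);
    longsrc[sizeof longsrc - 1] = '\0';
    printf("strncpy terminated: %d\n", strncpy_terminates(buf, BUFSZ, longsrc));
    printf("bounded copy accepted: %d\n", copy_bounded(buf, BUFSZ, longsrc));
    printf("HOME copied: %d [%s]\n", home_into_buffer(buf, BUFSZ), buf);
    return 0;
}
```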