[Full-disclosure] McAfee Virus Scan for Linux and Unix v5.10.0 Local Buffer Overflow
Joey Mengele
joey.mengele at hushmail.com
Wed Aug 15 18:34:50 BST 2007
You are playing handpuppet of the jackass, actually. Check PATH_MAX
in the Linux Kernel.
J
On Wed, 15 Aug 2007 12:53:18 -0400 monikerd <monikerd at gmail.com>
wrote:
>Joey Mengele wrote:
>> Where does security come into play here? This is a local crash
>in a
>> non setuid binary. I would like to hear your remote exploitation
>
>> scenario. Or perhaps your local privilege escalation scenario?
>>
>> J
>>
>>
>I'll play advocate of the devil then. Imagine a wiki running on a
>webserver,
>
>that allows anybody to create new topics which end up in
>/articles/[Topic].txt
>with sufficient .htaccess stuff in /articles to twart most usual
>attacks ..
>
>
>If you could create an arbitrary long topic, then you *might*
>be able to execute some code, when some cronjob would scan the
>drive
>and come across the file?
>
>creating files is a different privilege than running code. Hence
>imho
>it's not a bogus advisory.
>
>
>another possibility would be to create an archive that extracts an
>incredibly
>long filename perhaps? scanning an archive before/after it's
>extracted
>is a pretty common event i guess.
--
Click for free information on accounting careers, $150 hour potential.
http://tagline.hushmail.com/fc/Ioyw6h4dCaNyraR2kkZ8KcMCiTJDWZokEDbswig9iZ5cvsPFFYamWc/
Full-Disclosure is hosted and sponsored by Secunia.