![[LWN Logo]](/images/lwn.banner.gif)
Date: Wed, 7 Oct 1998 23:49:30 -0400
From: NACS Security Administrator <security@SHELL.NACS.NET>
Subject: buffer overflow in dbadmin
To: BUGTRAQ@NETSPACE.ORG
I apologize if this has already been posted, I searched and did not find
it. I found a buffer overflow (no exploit code here kiddies) in
dbadmin v1.0.1 for linux. Dbadmin is a database administration tool
that is run as a CGI to maintain mSQL servers.
I am not sure whether it is exploitable or not. Here is the data:
The README file indicates that the file needs to be setuid to the
owner of mSQL server. It also suggests using a .htaccess file, so only
priveledged users will be able to use this to any advantage.
Looking at dbadmin.c, we see some interesting tidbits:
dbadmin.c: strcpy(op_temp,curField->name);
dbadmin.c: strcat(rec_new,curField->name);
At a glance, that doesn't look very good. Neither does this:
[root@ni dbadmin_v1.0.1]# grep strcat *.c | wc -l
63
[root@ni dbadmin_v1.0.1]# grep strcpy *.c | wc -l
13
This is code from 1996 so if there has probably been a newer release, but
I can't seem to find it, or the author.
Have a great day.
Richard Zack.
------------------------------------------------------------
New Age Consulting Service, Inc. 216-619-2000
root@nacs.net richard@nacs.net
hostmaster@nacs.net security@nacs.net
http://www.nacs.net/~richard
------------------------------------------------------------