Date: Sat, 13 Feb 1999 23:49:29 -0400
From: Sw3 <sw3wn@CSOFT.NET>
Subject: Re: mc & Segmentation fault
To: BUGTRAQ@NETSPACE.ORG

shaman wrote:
>
> Some days ago I discovered something. If you export TERM with a name, for
> example "bugtraq", and then start Midnight Commander, you will see
> something like this:
>
> localhost:~$ export TERM="bugtraq"
> localhost:~$ mc
> Unknown terminal: buqtraq
> Check the TERM environment variable.
> Also make sure that the terminal is defined in the terminfo database.
> Alternatively, set the TERMCAP environment variable to the desired
> termcap entry.
>
> But if the name in TERM is over 227 characters long, you will see
> something different:
> localhost:~$ export TERM="bugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraq
> bugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraq
> bugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraq
> bugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraq
> bugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraqbugtraq
> "
> localhost:~$ mc
> Segmentation fault
> localhost:~$
>
> I don't know if it is interesting and I haven't tried exploiting it, but
> maybe someone....
> I have tested it only on Slackware 3.5.

This is clearly a buffer overflow, but not a security compromise, since it's
not remotely exploitable nor suid anything. I checked it out; it seems to be a
stack overflow, i.e. the program counter is just next to it, quite common.
I contacted the authors about it.

--
Julien Nadeau | sw3wn@csoft.net
Proof of concept | "A complex solution to a simple problem"
http://poc.csoft.net | [http://www.csoft.net/~sw3wn]
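The crash described in the thread is the classic pattern of an environment variable copied into a fixed-size stack buffer with no length check. The example below is added here to illustrate that pattern and a bounded replacement; it is not Midnight Commander's code, and the 256-byte buffer size, the function names and the sanity rules are assumptions (the page only states that a TERM value of more than 227 characters triggers the fault, not the real buffer size).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed buffer size for the example; the real size in mc is not
 * given on the page. */
#define TERM_BUF_SIZE 256

/* Vulnerable pattern (hypothetical, not mc's code): the value of an
 * environment variable is copied into a caller-supplied fixed buffer with
 * strcpy, which writes past the end when the value is longer than the
 * buffer. Shown for contrast only; nothing below calls it. */
void term_copy_unchecked(const char *value, char *dst)
{
    strcpy(dst, value);
}

/* Bounded length scan that never reads more than 'limit' bytes. */
static size_t bounded_len(const char *s, size_t limit)
{
    size_t n = 0;
    while (n < limit && s[n] != '\0')
        n++;
    return n;
}

/* Hardened replacement: copy 'value' into dst[dstsz] only if it fits
 * including the terminating NUL. Returns 0 on success, -1 if value is
 * NULL, dstsz is 0, or the value is too long. Rejecting is preferable to
 * silent truncation, which would make "xterm-256colorXXXX..." look like a
 * different, possibly valid, terminal name. */
int term_copy_checked(const char *value, char *dst, size_t dstsz)
{
    size_t len;

    if (value == NULL || dstsz == 0)
        return -1;
    len = bounded_len(value, dstsz);
    if (len >= dstsz)          /* no room for the NUL terminator */
        return -1;
    memcpy(dst, value, len + 1);
    return 0;
}

/* Extra check a terminal-handling program can apply before using TERM as
 * a terminfo lookup key: printable ASCII only, no '/' (terminfo entries
 * are looked up as path components), and a sane maximum length. Rules are
 * an assumption for this example. Returns 1 if acceptable, 0 otherwise. */
int term_name_is_sane(const char *value, size_t maxlen)
{
    size_t i;

    if (value == NULL || value[0] == '\0')
        return 0;
    for (i = 0; value[i] != '\0'; i++) {
        if (i >= maxlen)
            return 0;
        if (value[i] < 0x21 || value[i] > 0x7e || value[i] == '/')
            return 0;
    }
    return 1;
}

int main(void)
{
    char term[TERM_BUF_SIZE];
    const char *env = getenv("TERM");

    if (term_copy_checked(env, term, sizeof term) != 0) {
        fprintf(stderr, "TERM is unset or longer than %d bytes; refusing\n",
                TERM_BUF_SIZE - 1);
        return 1;
    }
    if (!term_name_is_sane(term, 64)) {
        fprintf(stderr, "TERM contains characters not allowed in a terminal name\n");
        return 1;
    }
    printf("TERM=%s\n", term);
    return 0;
}
```

Run with a short TERM and then with the 300-plus character value from the post: the unchecked version is what segfaults, the checked version returns an error instead of overrunning the stack. A compiler's stack protector would turn the overrun into an abort rather than a silent corruption, but the length check is what removes the bug.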