Note that the proposed patch... < strcpy(User, pw->pw_name); --- > strncpy(User, pw->pw_name, MAX_UNAME - 1); does not completely patch the hole. Okay, shellcode will get cut off, but strncpy() does not '\0'-terninate the strings but I saw that the rest of the code (notably the next line strcpy(RealUser, User); ) assumes a standard '\0'-terninated string. So, the patch would be < strcpy(User, pw->pw_name); --- > strncpy(User, pw->pw_name, MAX_UNAME - 1); > User[MAX_UNAME-1]='\0'; wwieser
- Re: vixie cron possible local root compromis... Valdis Kletnieks
- Re: vixie cron possible local root compr... Juergen P. Meier
- Re: vixie cron possible local root compromis... Nelson Brito
- Re: vixie cron possible local root compromise Alan DeKok
- Re: vixie cron possible local root compromis... gabriel rosenkoetter
- Re: vixie cron possible local root compr... Robert Bihlmeyer
- Re: vixie cron possible local root compromise Kris Kennaway
- Re: vixie cron possible local root compromise Andrew Brown
- Re: vixie cron possible local root compromise Alfred Perlstein
- Re: vixie cron possible local root compromise Mark van Reijn
- Re: vixie cron possible local root compromise Wolfgang Wieser
- Re: vixie cron possible local root compromise Settle, Sean
