Bug#183312: marked as done (xbase-clients: [xman] buffer overflow in MANPATH handling)
Your message dated Sun, 20 May 2007 23:34:05 +0200
with message-id <4650BECD.9000403@ens-lyon.org>
and subject line ping timeout, closing
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: xbase-clients: Buffer overflow in "xman"
- From: Benjamin A. Okopnik <ben@callahans.org>
- Date: Mon, 03 Mar 2003 16:19:48 -0500
- Message-id: <E18pxLg-0004yc-00@Fenrir.Thor>
Package: xbase-clients
Version: 4.2.1-5
Severity: grave
-- System Information
Debian Release: testing/unstable
Kernel Version: Linux Fenrir.Thor 2.4.18 #9 Sun Sep 22 21:35:23 EDT 2002 i686 unknown unknown GNU/Linux
Versions of the packages xbase-clients depends on:
ii cpp 3.2.2-0 The GNU C preprocessor.
ii libc6 2.3.1-13 GNU C Library: Shared libraries and Timezone
ii libdps1 4.2.1-5 Display PostScript (DPS) client library
ii libfreetype6 2.1.3-10 FreeType 2 font engine, shared library files
ii libncurses5 5.3.20021109-2 Shared libraries for terminal handling
ii libxaw7 4.2.1-5 X Athena widget set library
ii xlibmesa3-gl 4.2.1-5 Mesa 3D graphics library [XFree86]
ii xlibmesa3-glu 4.2.1-5 Mesa OpenGL utility library [XFree86]
ii xlibs 4.2.1-5 X Window System client libraries
ii xlibmesa3-gl 4.2.1-5 Mesa 3D graphics library [XFree86]
^^^ (Provides virtual package libgl1)
ii xlibmesa3-gl 4.2.1-5 Mesa 3D graphics library [XFree86]
^^^ (Provides virtual package libgl1)
--- Begin /etc/X11/xinit/xserverrc (modified conffile)
#!/bin/sh
exec /usr/bin/X11/X -depth 24 -dpi 85 -nolisten tcp
--- End /etc/X11/xinit/xserverrc
I was just trying to demonstrate something that used to be an old security
hole, the "MANPATH" overflow on "xman" - and it segfaulted out on me. A
little testing shows the boundary:
ben@Fenrir:~$ perl -we'$a = "a" x 8192; `MANPATH=$a xman`'
Xman Error: No manual pages found.
ben@Fenrir:~$ perl -we'$a = "a" x 8193; `MANPATH=$a xman`'
Segmentation fault
I guess it somehow got "unfixed"...
Ben Okopnik
-=-=-=-=-=-
--- End Message ---
--- Begin Message ---
- To: 21788-done@bugs.debian.org, 50972-done@bugs.debian.org, 115497-done@bugs.debian.org, 128435-done@bugs.debian.org, 196680-done@bugs.debian.org, 175296-done@bugs.debian.org, 183312-done@bugs.debian.org, 258874-done@bugs.debian.org, 272115-done@bugs.debian.org, 299512-done@bugs.debian.org, 327882-done@bugs.debian.org, 362299-done@bugs.debian.org
- Subject: ping timeout, closing
- From: Brice Goglin <Brice.Goglin@ens-lyon.org>
- Date: Sun, 20 May 2007 23:34:05 +0200
- Message-id: <4650BECD.9000403@ens-lyon.org>
Closing this bug since I didn't get any reply from the submitter (or
repliers) after my ping about a month ago (and some addresses are even
invalid nowadays). If anybody ever reproduces this problem, feel free to
reopen.
Brice
--- End Message ---
Reply to: