[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] McAfee Virus Scan for Linux and Unix v5.10.0 Local Buffer Overflow
- To: joey.mengele@xxxxxxxxxxxx
- Subject: Re: [Full-disclosure] McAfee Virus Scan for Linux and Unix v5.10.0 Local Buffer Overflow
- From: monikerd <monikerd@xxxxxxxxx>
- Date: Wed, 15 Aug 2007 18:53:18 +0200
Joey Mengele wrote:
> Where does security come into play here? This is a local crash in a
> non setuid binary. I would like to hear your remote exploitation
> scenario. Or perhaps your local privilege escalation scenario?
>
> J
>
>
I'll play advocate of the devil then. Imagine a wiki running on a webserver,
that allows anybody to create new topics which end up in
/articles/[Topic].txt
with sufficient .htaccess stuff in /articles to twart most usual attacks ..
If you could create an arbitrary long topic, then you *might*
be able to execute some code, when some cronjob would scan the drive
and come across the file?
creating files is a different privilege than running code. Hence imho
it's not a bogus advisory.
another possibility would be to create an archive that extracts an
incredibly
long filename perhaps? scanning an archive before/after it's extracted
is a pretty common event i guess.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/