Shotgon 1.1b overflows

Summary
Description:Shotgon 1.1b, an svgalib based Linux file manager, apparently has "more than 10 buffer overflows".
Author:PLaGuEZ <dube0866@EUROBRETAGNE.FR>
Compromise: root (local)
Vulnerable Systems:Linux, apparently anything running shotgun, although I suspect that is almost exclusively linux.
Date:16 June 1997 (Ignore his fucked up date)
Details


Date: Sat, 1 Jan 1994 13:52:01 +0100
From: PLaGuEZ <dube0866@EUROBRETAGNE.FR>
To: BUGTRAQ@NETSPACE.ORG
Subject: shotgun-1.1b buffer overflow(s)

hello,

for those who dont have time to read README files, here is a piece of
advise about a svgalib-based (=suid root) linux file manager called
shotgun (release 1.1b, found on sunsite; is there a newer one ?).

The author writes in this readme file that bound checks are to be
done... Actually, this code badly needs those bound checks ! There
are more than 10 buffer overflows in the code, all while root perms
haven't been dropped, as required by svgalib.

I dont include any exploit, but they're really trivial and are a good
start for those interested in buffer overflows.

laters,

plaguez





------------------------
   plaguez / libpcap
dube0866@eurobretagne.fr
     www.innu.org
------------------------

More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:
All OS's Linux Solaris/SunOS Micro$oft
*BSD Macintosh AIX IRIX
ULTRIX/Digital UNIX HP/UX SCO Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces:

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]