Bug 91546

Summary: /usr/bin/cal stack overflow
Product: [Retired] Red Hat Linux Reporter: Stig Hackvan <stig-redhat-bugzilla>
Component: util-linuxAssignee: Elliot Lee <sopwith>
Status: CLOSED WONTFIX QA Contact: Ben Levenson <benl>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.3Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-06-02 10:02:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Stig Hackvan 2003-05-23 21:55:40 UTC 
stack overflow in /usr/bin/cal detected by libsafe.

-- /home/stig > /usr/bin/cal
Libsafe version 2.0.16
Detected an attempt to write across stack boundary.
Terminating /usr/bin/cal.
    uid=500  euid=500  pid=30728
Call stack:
    0x40016982  /lib/libsafe.so.2.0.16
    0x400170a1  /lib/libsafe.so.2.0.16
    0x8048f14   /usr/bin/cal
    0x8048d3d   /usr/bin/cal
    0x42017584  /lib/i686/libc-2.2.5.so
Overflow caused by wcscat()
Killed
-- stig/obelus (pts/2) -- 0 jobs -- Fri May 23 -- 14:54:37 -- 
-- /home/stig > whp !$
whp /usr/bin/cal
Name        : util-linux                   Relocations: (not relocateable)
Version     : 2.11n                             Vendor: Red Hat, Inc.
Release     : 12.7.3                        Build Date: Mon 24 Jun 2002 
07:30:23 AM PDT
Install date: Fri 14 Mar 2003 08:44:42 PM PST      Build Host: 
stripples.devel.redhat.com
Group       : System Environment/Base       Source RPM: util-linux-2.11n-
12.7.3.src.rpm
Size        : 2487880                          License: distributable
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Summary     : A collection of basic system utilities.
Description :
The util-linux package contains a large variety of low-level system
utilities that are necessary for a Linux system to function. Among
others, Util-linux contains the fdisk configuration tool and the login
program.
Comment 1 Mark J. Cox 2003-05-25 18:00:47 UTC 
/usr/bin/cal does not ship setuid and I can't think of a way you'd be able to
exploit this stack overflow.  Did you have a particular exploit mechanism in mind?
Comment 2 Mark J. Cox 2003-06-02 10:02:06 UTC 
Closing, please reopen if there is an exploit mechanism for this issue we've
overlooked.