Bug 91546 - /usr/bin/cal stack overflow
/usr/bin/cal stack overflow
Product: Red Hat Linux
Classification: Retired
Component: util-linux (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Elliot Lee
Ben Levenson
: Security
Depends On:
  Show dependency treegraph
Reported: 2003-05-23 17:55 EDT by Stig Hackvan
Modified: 2007-04-18 12:53 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-06-02 06:02:06 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Stig Hackvan 2003-05-23 17:55:40 EDT
stack overflow in /usr/bin/cal detected by libsafe.

-- /home/stig > /usr/bin/cal
Libsafe version 2.0.16
Detected an attempt to write across stack boundary.
Terminating /usr/bin/cal.
    uid=500  euid=500  pid=30728
Call stack:
    0x40016982  /lib/libsafe.so.2.0.16
    0x400170a1  /lib/libsafe.so.2.0.16
    0x8048f14   /usr/bin/cal
    0x8048d3d   /usr/bin/cal
    0x42017584  /lib/i686/libc-2.2.5.so
Overflow caused by wcscat()
-- stig/obelus (pts/2) -- 0 jobs -- Fri May 23 -- 14:54:37 -- 
-- /home/stig > whp !$
whp /usr/bin/cal
Name        : util-linux                   Relocations: (not relocateable)
Version     : 2.11n                             Vendor: Red Hat, Inc.
Release     : 12.7.3                        Build Date: Mon 24 Jun 2002 
07:30:23 AM PDT
Install date: Fri 14 Mar 2003 08:44:42 PM PST      Build Host: 
Group       : System Environment/Base       Source RPM: util-linux-2.11n-
Size        : 2487880                          License: distributable
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Summary     : A collection of basic system utilities.
Description :
The util-linux package contains a large variety of low-level system
utilities that are necessary for a Linux system to function. Among
others, Util-linux contains the fdisk configuration tool and the login
Comment 1 Mark J. Cox 2003-05-25 14:00:47 EDT
/usr/bin/cal does not ship setuid and I can't think of a way you'd be able to
exploit this stack overflow.  Did you have a particular exploit mechanism in mind?
Comment 2 Mark J. Cox 2003-06-02 06:02:06 EDT
Closing, please reopen if there is an exploit mechanism for this issue we've

Note You need to log in before you can comment on or make changes to this bug.