Bugtraq mailing list archives
Re: Merry Christmas to Sun! (Was: L0pht NFR N-Code Modules
From: casper () HOLLAND SUN COM (Casper Dik)
Date: Mon, 28 Dec 1998 20:33:53 +0100
On Thu, 24 Dec 1998, Casper Dik wrote:
I'd love it if someone did the "SPARC exercise". (If you have an x86 exploit, it's not always as easy to make a SPARC one)
Well, it appears I should never have said that; it led to various ad hominem attacks. Please, I'm not a "vendor representative", it isn't "my" code and "I" am not the person to fix it. I'm just trying to help out here. I guess the irony of the remark was lost on some. (As someone else remarked, exercises left to the reader are left to the reader for a single reason most of the time: the author couldn't figure it out for himself.)

As for the KCMS code and fixing it myself, well, I'd love to have the power to do so, but as it stands, the Sun source code is spread over several bits all under different control. Some even under external control. Not all source code is available on our intranet (hate that word).
On unpatched Solaris 2.6, sparc:

% uname -a
SunOS oy 5.6 Generic sun4m sparc SUNW,SPARCstation-20
% /usr/openwin/bin/kcms_configure -P `perl -e 'print "a" x 9000'` foofoo
%
That's it, no seg fault. Am I doing something wrong?
No, SPARC stack frames are constructed differently. On Solaris/Intel, all you need is a return from the function that declared the overflown buffer. On SPARC, you need to return from the invoking function as well. The kcms_* program must test & exit before the overflow ends up in a register.

It may still be possible to craft an overflow for kcms_configure on SPARC that is exploitable; it's likely not to be as straightforward as the one on Intel.

Casper
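A toy model of the two frame layouts described in the reply above, added here as an illustration (it is not code from the thread or from Sun). The buffer size, the caller's four locals and all function names are constructed, and the SPARC case assumes the caller's register window has been spilled to the stack and is later reloaded from it.

```c
#include <stdint.h>
#include <stdio.h>

#define FILL   0x61616161u /* "aaaa" filler, as in the post's perl one-liner */
#define BUFW   8           /* constructed: 32-byte local buffer, in words */
#define WIN    16          /* SPARC window save area: %l0-%l7, %i0-%i7 */
#define I7     15          /* slot of %i7 (return address) in a save area */
#define STACKW 128         /* size of the simulated stack, in words */

enum { NONE = -1, CALLEE = 0, CALLER = 1 };

/* Write n filler words upward from buf (index = rising address), then
   report which function's return is the first to use a clobbered slot. */
static int smash(uint32_t *stk, int buf, int n, int callee_ret, int caller_ret)
{
    for (int i = 0; i < n && buf + i < STACKW; i++)
        stk[buf + i] = FILL;
    if (stk[callee_ret] == FILL) return CALLEE;
    if (stk[caller_ret] == FILL) return CALLER;
    return NONE;
}

/* x86: [buf][saved ebp][callee ret][caller locals x4][saved ebp][caller ret] */
int x86_first_hijacked_return(int n)
{
    uint32_t stk[STACKW] = {0};
    int callee_ret = BUFW + 1;               /* just above buf and saved ebp */
    int caller_ret = callee_ret + 1 + 4 + 1;
    return smash(stk, 0, n, callee_ret, caller_ret);
}

/* SPARC V8: the callee's own save area sits at %sp, below its locals, so
   the words above buf (from %fp upward) are the caller's save area. */
int sparc_first_hijacked_return(int n)
{
    uint32_t stk[STACKW] = {0};
    int callee_ret = I7;             /* callee %i7 slot at %sp+60 */
    int buf = WIN + 7;               /* after 1 hidden word + 6 arg-dump words */
    int caller_sp = buf + BUFW;      /* callee %fp == caller %sp */
    int caller_ret = caller_sp + I7; /* caller %i7 slot at %fp+60 */
    return smash(stk, buf, n, callee_ret, caller_ret);
}

int main(void)
{
    int n = 9000 / 4; /* the 9000-byte argument from the post, in words */
    printf("x86: %d  sparc: %d  (0 = callee, 1 = caller)\n",
           x86_first_hijacked_return(n), sparc_first_hijacked_return(n));
    return 0;
}
```

In the SPARC layout the overflowing function returns normally, and nothing is observed at all if the caller exits instead of returning, which matches the clean run reported in the quoted session.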