Bugtraq mailing list archives
Re: dip 3.3.7p-overflow
From: "Martijn A." <root () esd ath cx>
Date: Tue, 17 Jul 2001 05:38:29 +0200 (CEST)
After doing a check on my SuSE linux 7.0 x86 i found >something interesting: hegi@faust:~ > ls -la /usr/sbin/dip -rwsr-xr-- 1 root dialout 62056 Jul 29 2000 /usr/sbin/dip DIP: Dialup IP Protocol Driver version 3.3.7p-uri (25 Dec 96) Written by Fred N. van Kempen, MicroWalt Corporation. (gdb) run -k -l `perl -e 'print "a" x 130 '` Starting program: /usr/sbin/dip -k -l `perl -e 'print "a" x 130 '` DIP: Dialup IP Protocol Driver version 3.3.7p-uri (25 Dec 96) Written by Fred N. van Kempen, MicroWalt Corporation. DIP: cannot open /var/lock/LCK..aaaa......aaaaaaa: Datei oder >Verzeichnis nicht gefunden Program received signal SIGSEGV, Segmentation fault. 0x61616161 in ?? () The same packet and problem is on SuSe 7.1 and RedHat 6.2. >I don't have SuSe 7.2 to check.
SuSE 6.2 and 6.3 are also vulnerable and setuid root. But normal users, just like on SuSE 7.0, don't have execute permissions on these versions. Regards, Martijn A.
Current thread:
- dip 3.3.7p-overflow sebi hegi (Jul 09)
- Re: dip 3.3.7p-overflow Marcin Marszalek (Jul 10)
- Re: dip 3.3.7p-overflow Ron van Daal (Jul 16)
- Re: dip 3.3.7p-overflow teo (Jul 10)
- <Possible follow-ups>
- Re: dip 3.3.7p-overflow Martijn A. (Jul 17)
- Re: dip 3.3.7p-overflow Kevin W. (Jul 17)
- Re: dip 3.3.7p-overflow Martijn A. (Jul 18)
- Re: dip 3.3.7p-overflow Marcin Marszalek (Jul 10)