Dailydave mailing list archives
eddy 0day
From: Evgeny Legerov <admin () gleg net>
Date: Tue, 14 Feb 2006 02:51:37 +0300 (MSK)
Hi, Interesting Isode M-Vault Server 11.3 bug revealed with ProtoVer Sample LDAP (platform: FC4): Program received signal SIGABRT, Aborted. [Switching to Thread -1534674000 (LWP 3674)] 0xa667e7e2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2 (gdb) bt #0 0xa667e7e2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2 #1 0xa5faf1f8 in raise () from /lib/libc.so.6 #2 0xa5fb0948 in abort () from /lib/libc.so.6 #3 0xa5fe452a in __libc_message () from /lib/libc.so.6 #4 0xa5fea424 in _int_free () from /lib/libc.so.6 #5 0xa5fea95f in free () from /lib/libc.so.6 #6 0x08190c38 in IC_LdapModifyOperation::operation_thread () #7 0x0818ec9e in IC_LdapModifyOperation::operation_thread () #8 0x0818ea74 in IC_LdapModifyOperation::operation_thread () #9 0x0818e826 in IC_LdapModifyOperation::operation_thread () #10 0x08187700 in IC_LdapResponder::handle_read_event_async () #11 0x08188369 in IC_AsyncObject<IC_LdapResponder>::_wrapper () #12 0x081c37d3 in Pthread__work () #13 0x081c344f in Pthread__work () #14 0xa60dab80 in start_thread () from /lib/libpthread.so.0 #15 0xa6051dee in clone () from /lib/libc.so.6 (gdb) i f 3 Stack frame at 0xa486ad2c: eip = 0xa5fe452a in __libc_fatal; saved eip 0xa5fea424 called by frame at 0xa486ada4, caller of frame at 0xa486a6d4 Arglist at 0xa486ad24, args: Locals at 0xa486ad24, Previous frame's sp is 0xa486ad2c Saved registers: ebx at 0xa486ad18, ebp at 0xa486ad24, esi at 0xa486ad1c, edi at 0xa486ad20, eip at 0xa486ad28 (gdb) x/10x 0xa486ad24 0xa486ad24: 0xa486ad9c 0xa5fea424 0x00000002 0xa60a23b4 0xa486ad34: 0xb731b448 0xa60a2428 0xa486ad87 0xa486ad80 0xa486ad44: 0x00000000 0xa486ad87 (gdb) x/s 0xa60a23b4 0xa60a23b4 <__libc_ptyname1+12237>: "*** glibc detected *** %s: %s: 0x%s ***\n" (gdb) x/s 0xb731b448 0xb731b448: "/opt/isode/sbin/isode.eddy" (gdb) x/s 0xa60a2428 0xa60a2428 <__libc_ptyname1+12353>: "double free or corruption (fasttop)" (gdb) This one looks like a double free vulnerability. To reproduce: [PROTOVER_SAMPLE_LDAP-1.0]$ ./run.py localhost 389 3102 1 Regards, Evgeny Legerov www.gleg.net
Current thread:
- eddy 0day Evgeny Legerov (Feb 13)