Vulnerability Development mailing list archives

Re: Must coredump? No. (Was: Local root through vuln...)


From: Daniel Jacobowitz <drow () FALSE ORG>
Date: Thu, 24 Aug 2000 09:57:26 -0700

On Thu, Aug 24, 2000 at 12:11:12AM +0200, Bluefish (P.Magnusson) wrote:
My quote:
Doesn't seem exploitable, but a bit funny :)

is very relaxed and unspecific. Anyone saying "Doesn't seem exploitable"
should certainly not be considered to have real research behind his words.
"Seem" is a very weak word.

What I meant was that all testing I've done so far with traceroute has
never once resulted in a coredump. Therefore I think, without strong
research behind my words, that this specific bug never causes a
buffer overflow. I also assumed traceroute to be written of such
simplicity and logical behavior that there exists no condition where
overwritten data can cause a problem.

In this case, I have a hunch that it -is- exploitable, actually.  With
a little assistance from Nergal yesterday, I am very close to having it
written; I'll pound on it in my next free time.

It's a very silly bug.

Dan

/--------------------------------\  /--------------------------------\
|       Daniel Jacobowitz        |__|        SCS Class of 2002       |
|   Debian GNU/Linux Developer    __    Carnegie Mellon University   |
|         dan () debian org         |  |       dmj+ () andrew cmu edu      |
\--------------------------------/  \--------------------------------/

