Vulnerability Development mailing list archives

Re: Can anyone verify a core dump on /sbin/mingetty - FOLLOW UP - Getty also dumping core


From: Matias Sedalo <s0t4ipv6 () shellcode com ar>
Date: Tue, 4 Dec 2001 06:17:53 -0300 (ARST)

agetty is vulnerable on slackware 7.1...

mothership:~$ uname -a
Linux mothership 2.2.19-stealth #7 Wed Nov 7 06:54:37 ARST 2001 i586 unknown

mothership:~$ cat /etc/slackware-version
7.1.0

mothership:~$ ls -l /sbin/agetty
-rwxr-xr-x   1 root     bin         13844 Jun 27  2000 /sbin/agetty*

mothership:~$ id
uid=1000(s0t4ipv6) gid=100(users) groups=100(users),7(lp)

mothership:~$ /sbin/agetty 38400 `perl -e 'print "A"x8492'`
Segmentation fault

________________________
Matias Sedalo           :
                        :
Key id                  : 0x1F5345B7
P G P fingerprint       : B7A1 B45E 4906 34BD  70A1 55F8 E5A0 BCA2
..................................................................

On Tue, 4 Dec 2001, Bill Weiss wrote:

Scott Mackenzie(smackenz () brad ac uk)@Mon, Dec 03, 2001 at 08:07:50PM +0000:
SEE MESSAGE :
'Can anyone verify a core dump on /sbin/mingetty'
for the original post

The reason why there is no core dump from /sbin is because I didn't have 
write access - should have noticed that but there you go.

Ok, bit more information:

This problem is positive in the following systems:
* note there could and probably are more but I've only had word of the 
following systems being tested

Red-Hat 6.0 onwards (not tested any before) up to and including 7.2
Mandrake 8.0 2.4.3-20mdksmp (presumably similar to redhat here)
turbolinux 6.0
SCO unix 5.0.5

(this information was quickly gathered by several people; thanks everyone)

Slackware 7.0 (maybe 8.0) uses agetty, which is not vulnerable, as far as I can tell.
It just spits out a usage error.

-- Bill Weiss


