Vulnerability Development mailing list archives

RE: vi buffer overflow


From: Hubert Pasternak <xfer () but pl>
Date: Tue, 13 Nov 2001 07:58:25 +0100 (CET)


vega:/home2/xfer$ id
uid=703(xfer) gid=100(users) groups=100(users)
vega:/home2/xfer$ uname -a
/* Red Hat :P */
Linux vega.but.pl 2.4.12-ac5+dpt_i2o #1 SMP Tue Oct 23 15:16:17 CEST 2001
i686 unknown
vega:/home2/xfer$ vi `perl -e 'print "x" x 9000'`
Vim: Double signal, exiting
Segmentation fault
/* I had to reset my tty after causing sigsegv */
vega:/home2/xfer$ export DUPA=`perl -e' print "x" x 9000'`
vega:/home2/xfer$ gdb `which vi`
GNU gdb 4.17.0.11 with Linux support
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "i386-redhat-linux"...
(no debugging symbols found)...
(gdb) r $DUPA
Starting program: /bin/vi $DUPA
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
chunk_alloc (ar_ptr=0x403bf580, nb=9024) at malloc.c:2723
malloc.c:2723: No such file or directory.
(gdb) info reg
     eax:  0x80fecc0   135261376
     ecx: 0x403bf580  1077671296
     edx: 0x78785538  2021152056
     ebx: 0x403c11b4  1077678516
     esp: 0xbfffb3c0 -1073761344
     ebp: 0xbfffb40c -1073761268
     esi:  0x80fc980   135252352
     edi: 0x78785539  2021152057
     eip: 0x4032ed89  1077079433
(gdb)

This is output from the vi vulnerability (malloc), but one time I caused a sigsegv
in the strcat() function... Couldn't send the output of it because my damn
console scrolled a bit...

Greets...

#$@#$@@%%%#&# [xfer][Hubert Pasternak] @#@!$#@!$^#$
$% [E-Mail: xfer () hert org][Mobile: +48609928174] $#
##$% [ EP BUT Ltd. Network Security Specialist] #$@
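
A crash-triage helper for the register dump in the message above, as an added example that is not part of the original post: it parses the `info reg` output and reports which registers hold runs of the 0x78 ('x') byte used to build the 9000-character argument. The function names are hypothetical, and reading such a run as input-derived data is an assumption of the example.

```python
import re

# Register dump copied from the gdb session in the post above.
GDB_INFO_REG = """\
     eax:  0x80fecc0   135261376
     ecx: 0x403bf580  1077671296
     edx: 0x78785538  2021152056
     ebx: 0x403c11b4  1077678516
     esp: 0xbfffb3c0 -1073761344
     ebp: 0xbfffb40c -1073761268
     esi:  0x80fc980   135252352
     edi: 0x78785539  2021152057
     eip: 0x4032ed89  1077079433
"""

# One line of old-style gdb output: "name: 0xHEX  signed-decimal"
REG_LINE = re.compile(r"^\s*(\w+):\s+0x([0-9a-fA-F]{1,8})\s+(-?\d+)\s*$")

def parse_info_reg(text):
    """Return {register: 32-bit value}, cross-checking hex against decimal."""
    regs = {}
    for line in text.splitlines():
        m = REG_LINE.match(line)
        if not m:
            continue  # skip prompts, banners and blank lines
        name, value = m.group(1), int(m.group(2), 16)
        # The decimal column is signed; fold it to unsigned before comparing.
        if int(m.group(3)) & 0xFFFFFFFF != value:
            raise ValueError(f"hex/decimal mismatch for {name}")
        regs[name] = value
    return regs

def tainted_registers(regs, fill=b"x", min_run=2):
    """Map register -> number of fill bytes, for registers that contain at
    least min_run consecutive fill bytes (in little-endian memory order).
    Assumption: a run of the fill byte means the value came from the input."""
    hits = {}
    for name, value in regs.items():
        raw = value.to_bytes(4, "little")
        if fill * min_run in raw:
            hits[name] = raw.count(fill)
    return hits

if __name__ == "__main__":
    for reg, n in tainted_registers(parse_info_reg(GDB_INFO_REG)).items():
        print(f"{reg}: {n} of 4 bytes equal the 'x' fill byte")
```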





