Vulnerability Development mailing list archives

Re: xmalloc buffer overflow?


From: Lucian Hudin <luci () warp transart ro>
Date: Fri, 9 Nov 2001 21:46:56 +0200 (EET)


Can anybody else verify these results? It doesn't matter what `perl -e
'print "." x 90000000'` is appended to, I just chose vi (the vi buffer
overflow being my inspiration). Please use the exploit responsibly; also if
it is redundant, I apologize.


# uname -a
Linux linux 2.4.4-4GB #1 Fri May 18 14:11:12 GMT 2001 i686 unknown  [I know
about the clock...]
# id
uid=500(nobody) gid=100(users) groups=100(users)
# vi `perl -e 'print "." x 90000000'`
bash: xmalloc: cannot allocate 90000001 bytes (0 bytes allocated)
# id
uid=0(root) gid=0(root) groups=0(root),1(bin),14(uucp),15(shadow),16(dialout),17(audio),65534(nogroup)


The execution of the "vi ..." command has unpredictable results, for
example killing your bash, and maybe you were in a root bash previously.
There is no logical way you'd obtain root with that simple command :P

luci@satan:~$ vi `perl -e 'print "." x 90000000'`
bash: xrealloc: cannot reallocate 67108864 bytes (0 bytes allocated)
[I get logged out]
root@satan:~# su - luci
luci@satan:~$ vi `perl -e 'print "." x 90000000'`
su: xrealloc: cannot reallocate 67108864 bytes (0 bytes allocated)
root@satan:~# uname -r
2.2.20



