Vulnerability Development mailing list archives
Re: xmalloc buffer overflow?
From: Lucian Hudin <luci () warp transart ro>
Date: Fri, 9 Nov 2001 21:46:56 +0200 (EET)
Can anybody else verify these results? It doesn't matter what `perl -e 'print "." x 90000000'` is appended to, I just chose vi (the vi buffer overflow being my inspiration). Please use the exploit responsibly; also if it is redundant, I apologize.

    # uname -a
    Linux linux 2.4.4-4GB #1 Fri May 18 14:11:12 GMT 2001 i686 unknown
    [I know about the clock...]
    # id
    uid=500(nobody) gid=100(users) groups=100(users)
    # vi `perl -e 'print "." x 90000000'`
    bash: xmalloc: cannot allocate 90000001 bytes (0 bytes allocated)
    # id
    uid=0(root) gid=0(root) groups=0(root),1(bin),14(uucp),15(shadow),16(dialout),17(audio),65534(nogroup)

The execution of the "vi ..." command has unpredictable results, for example killing your bash, and maybe you were in a root bash previously. There is no logical way you'd obtain root with that simple command :P

    luci@satan:~$ vi `perl -e 'print "." x 90000000'`
    bash: xrealloc: cannot reallocate 67108864 bytes (0 bytes allocated)
    [I get logged out]
    root@satan:~# su - luci
    luci@satan:~$ vi `perl -e 'print "." x 90000000'`
    su: xrealloc: cannot reallocate 67108864 bytes (0 bytes allocated)
    root@satan:~# uname -r
    2.2.20