Bugtraq mailing list archives
Re: Irix buffer overflow in /bin/df
From: spd () GTC1 CPS UNIZAR ES (J.A. Gutierrez)
Date: Sat, 24 May 1997 21:44:45 +0200
The version of 'df' which comes with Irix 6.2, whilst having the buffer overflow problem, is not vulnerable to this exploit as it is compiled as a 64bit N32 object
this is true only for the IRIX64 version of Irix 6.2
The temporary fix: chmod u-s /bin/df
Another fix: replace irix 6.2 mips-2 binary with the mips-3
binary from an IRIX64 box
The exploit code included has been tested on the following: R3000 Indigo (Irix 5.3) R4400 Indy (Irix 5.3) R5000 O2 (Irix 6.3)
R4400 Challenge L (IRIX64 Irix 6.2) -> doesn't works
$ file /sbin/df
/sbin/df: ELF N32 MSB mips-3 dynamic executable MIPS - version 1)
R4600 Indy, Irix 6.2 -> works
R4400 Indigo 2, Irix 6.2 -> works
--
.signature intentionally left blank
Current thread:
- Update to Windows 95 TCP/IP to Address Out-of-Band Issue, (continued)
- Update to Windows 95 TCP/IP to Address Out-of-Band Issue Aleph One (May 23)
- [WinNT] Post-SP3 Hotfix Avail for Macintosh OOB DOS Attack Sam Schlansky (May 23)
- cfingerd vulnerability Rodrigo Barbosa (May 23)
- Re: cfingerd vulnerability Edward S. Marshall (May 24)
- Re: cfingerd vulnerability Ken Hollis (May 24)
- Re: cfingerd vulnerability Alan Brown (May 25)
- Re: cfingerd vulnerability Michael Stone (May 25)
- winnuke in one line of perl5.004 Randal Schwartz (May 25)
- Re: cfingerd vulnerability Felix von Leitner (May 25)
- Irix buffer overflow in /bin/df David Hedley (May 24)
- Re: Irix buffer overflow in /bin/df J.A. Gutierrez (May 24)
- Irix: Pandora's box opened Yuri Volobuev (May 24)
- BitchX p139 script the lerPer (May 24)
- ANNOUNCE: chkwtmp, a wtmp intrusion detection anaylzer (Linux) Silvio Cesare (May 25)
- Re: ANNOUNCE: chkwtmp, a wtmp intrusion detection anaylzer (Linu Byron COLLIE (May 26)
- ANNOUNCE: riputils (Linux) Silvio Cesare (May 25)
- Re: Irix buffer overflow in /bin/df Lamont Granquist (May 28)