Bugtraq mailing list archives

Re: [ Hackerslab bug_paper ] Linux dump buffer overflow


From: eugeneteo () EUGENETEO NET (Eugene Teo)
Date: Fri, 3 Mar 2000 00:16:45 +0800


Server running Redhat 6.1 doesn't seem to be vulnerable to this.  Like
NetBSD, it just returns a filename too long error.

Anyhow, I removed the suid bit from dump.

--
Eugene Teo - http://www.eugeneteo.net - http://linux.com.sg
Email: eugeneteo () eugeneteo net, eugeneteo () linux com sg

----- Original Message -----
From: KimYongJun (Kim Yong-jun, class of '99) <s96192 () CE HANNAM AC KR>
To: <BUGTRAQ () SECURITYFOCUS COM>
Sent: Monday, February 28, 2000 2:17 PM
Subject: [ Hackerslab bug_paper ] Linux dump buffer overflow

[ Hackerslab bug_paper ] Linux dump buffer overflow


File   :   /sbin/dump

SYSTEM :   Linux


INFO :


The problem occurs when it reads its argument.
It accepts the argument without checking its length, and this causes
the problem.

It seems that this vulnerability also applies to RedHat Linux 6.2beta,
the latest version.


[loveyou@loveyou SOURCES]$ dump  -f a `perl -e 'print "x" x 556'`
  DUMP: Date of this level 0 dump: Mon Feb 28 14:45:01 2000
  DUMP: Date of last level  dump: the epoch
  DUMP: Dumping
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx to a

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx: File name too long
while opening filesystem
  DUMP: SIGSEGV: ABORTING!
Segmentation fault

[loveyou@loveyou SOURCES]$ dump  -f a `perl -e 'print "loveyou" x 556'`
  DUMP: SIGSEGV: ABORTING!
Segmentation fault    <=  occurs in ctime4()


How to fix
----------

patch:

[root@loveyou SOURCES]# diff -ru dump-0.4b13/dump/main_orig.c
dump-0.4b13/dump/main.c
--- dump-0.4b13/dump/main_orig.c        Mon Feb 28 14:40:01 2000
+++ dump-0.4b13/dump/main.c     Mon Feb 28 14:40:57 2000
@@ -273,6 +273,9 @@
                exit(X_STARTUP);
        }
        disk = *argv++;
+        if ( strlen(disk) > 255 )
+           exit(X_STARTUP);
+
        argc--;
        if (argc >= 1) {
                (void)fprintf(stderr, "Unknown arguments to dump:");
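Review bot: the new check `if ( strlen(disk) > 255 ) exit(X_STARTUP);` exits silently, so a user who hits the limit gets no explanation, unlike the "Unknown arguments to dump:" path immediately below it; print a diagnostic to stderr (e.g. `(void)fprintf(stderr, "filesystem name too long\n");`) before the exit. The hard-coded 255 should also be derived from the size of the buffer that `disk` is later copied into (`sizeof(buf) - 1`) rather than written as a literal: `> 255` admits a 255-character name plus its NUL, which only fits if that buffer is at least 256 bytes, and a bare constant will drift out of sync if the buffer is ever resized. Minor: the added lines are indented with spaces while the surrounding code uses tabs.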



hot fix:
It is recommended that the suid bit be removed from dump using the
command:

    chmod a-s /sbin/dump




- Yong-jun, Kim -
e - mail : loveyou () hackerslab org       s96192 () ce hannam ac kr
homepage : http://www.hackerslab.org    http://ce.hannam.ac.kr/~s96192
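As an added illustration of the pattern the advisory describes, and not code from the Hackerslab post or from the dump 0.4b13 sources: the unchecked copy of the filesystem argument into a fixed-size buffer, beside a bounded version that derives its limit from the buffer size and reports the rejection on stderr instead of exiting silently. The 256-byte buffer size, the function names and the 556-byte input are assumptions constructed for this example; dump's real destination buffer is not shown in the post.

```c
/*
 * Added example (not from the Hackerslab post or the dump sources):
 * the unchecked argument copy the advisory describes, beside a bounded
 * version. DISK_BUF_SZ and the function names are assumptions made for
 * illustration; dump's actual buffer is not shown on the page.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DISK_BUF_SZ 256   /* assumed size of the fixed destination buffer */

/* Vulnerable pattern: copies the argv[] string into a fixed buffer with
 * no length check. Only ever call this with a name shorter than
 * DISK_BUF_SZ; a 556-byte name, as in the advisory, writes past the end
 * of buf (undefined behaviour, the SIGSEGV seen in the post). */
static void set_disk_unchecked(char *buf, const char *arg)
{
    strcpy(buf, arg);
}

/* Hardened version: reject anything that does not fit together with its
 * terminating NUL, and say so on stderr rather than exiting silently.
 * Returns 0 on success, -1 on rejection. The limit comes from bufsz, not
 * from a hard-coded 255, so it cannot drift if the buffer is resized. */
static int set_disk_checked(char *buf, size_t bufsz, const char *arg)
{
    size_t n = strlen(arg);
    if (n >= bufsz) {
        fprintf(stderr, "dump: filesystem name too long (%zu chars, max %zu)\n",
                n, bufsz - 1);
        return -1;
    }
    memcpy(buf, arg, n + 1);  /* n < bufsz, so the NUL fits */
    return 0;
}

/* Builds a name of len repeated characters, the C equivalent of the
 * advisory's perl -e 'print "x" x 556'. Caller frees the result. */
static char *repeat_char(char c, size_t len)
{
    char *s = malloc(len + 1);
    if (s == NULL)
        abort();
    memset(s, c, len);
    s[len] = '\0';
    return s;
}

int main(void)
{
    char disk[DISK_BUF_SZ];
    /* constructed input: same length as the advisory's crashing argument */
    char *attack = repeat_char('x', 556);

    /* A sane name passes through both paths. */
    set_disk_unchecked(disk, "/dev/hda1");
    printf("unchecked: %s\n", disk);

    /* The attacker-sized name is refused before any byte is copied. */
    if (set_disk_checked(disk, sizeof disk, attack) != 0)
        printf("checked: rejected %zu-byte name\n", strlen(attack));

    free(attack);
    return 0;
}
```

Compile with cc -std=c99 -Wall. The unchecked path is only given a short name here, because feeding it the 556-byte string is exactly the crash the advisory shows. The posted patch's `> 255` and this `>= bufsz` agree only when the real destination is at least 256 bytes; taking the bound from the buffer size keeps the two in step.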


