Bugtraq mailing list archives
Re: [ Hackerslab bug_paper ] Linux dump buffer overflow
From: super () UDEL EDU (Derek Callaway)
Date: Thu, 2 Mar 2000 15:48:05 -0500
On Fri, 3 Mar 2000, Eugene Teo wrote:
> server running Redhat 6.1 doesn't seem to be vulnerable to this. Like
Not true -- RedHat is vulnerable. The example given by KimYongJun shows an
overflow with only 556 characters. 556 bytes doesn't seem to overflow the
RedHat version of dump; it only produces a "filename too long" error as you
stated. This causes a Segmentation fault on my RedHat 6.1 machine:

  [super@white super]$ rpm -qf /sbin/dump
  dump-0.4b4-11
  [super@white super]$ /sbin/dump -0 `perl -e 'print "a"x1024;'`
    DUMP: SIGSEGV: ABORTING!
  Segmentation fault

According to
http://rpmfind.net/linux/RPM/redhat/6.1/i386/dump-0.4b4-11.i386.html,
dump-0.4b4-11 is the version of dump that is distributed with RedHat 6.1.

I believe this overflow is rather difficult to exploit (although not
impossible) as a result of a setuid(getuid()) before the offending code and
the signal handler for SIGSEGV.

<snip>

--
/* Derek Callaway <super () udel edu>  char *sites[]={"http://www.geekwise.com",
   Programmer; CE Net, Inc.           "http://www.freezersearch.com/index.cfm?aff=dhc",
   (302) 837-8769                     "http://www.homeworkhelp.org",0};
   S@IRC                                                                   */
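The message above turns on two points: an argv string longer than a fixed stack buffer crashes dump, and a setuid(getuid()) placed before the offending copy limits what an exploit could gain. The following C program is an added illustration of that pattern and is not code from the dump package or from any poster in this thread. It shows the unchecked copy (the shape of the overflow), the bounded copy that yields a "filename too long" rejection instead, and a privilege drop done before the untrusted argument is touched. NAME_BUF, copy_name_unchecked, accept_filename, drop_privileges and make_run are names and sizes assumed here for illustration; dump's real buffer size and function names are not stated on this page.

```c
/* Added example, not from dump or from the posting above. Names and the
 * NAME_BUF size are assumptions for illustration only. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

#define NAME_BUF 512   /* assumed buffer size; dump's real limit is not on the page */

/* Vulnerable pattern: nothing bounds the copy, so a name of NAME_BUF bytes or
 * more runs past buf into whatever the stack holds above it (saved registers,
 * return address). Present only to show the shape of the bug; never call it
 * with oversized input. */
void copy_name_unchecked(const char *name) {
    char buf[NAME_BUF];
    strcpy(buf, name);            /* overflow when strlen(name) >= NAME_BUF */
    (void)buf;
}

/* Hardened form: reject any name that will not fit with its terminator.
 * Returns 0 if the name was accepted, -1 if it is too long (the caller then
 * reports "filename too long" instead of corrupting the stack). */
int accept_filename(const char *name) {
    char buf[NAME_BUF];
    size_t n = strlen(name);
    if (n >= sizeof buf)
        return -1;
    memcpy(buf, name, n + 1);
    return 0;
}

/* Drop any setuid privilege before looking at untrusted input. Returns 0 on
 * success; afterwards the effective uid equals the real uid, so a later
 * memory-corruption bug runs as the invoking user rather than as root. */
int drop_privileges(void) {
    if (setuid(getuid()) != 0)
        return -1;
    return geteuid() == getuid() ? 0 : -1;
}

/* Constructed test input: a string of n copies of c, like
 * perl -e 'print "a"x1024'. Static buffer, so each call overwrites the last. */
const char *make_run(char c, size_t n) {
    static char run[4096];
    if (n >= sizeof run)
        n = sizeof run - 1;
    memset(run, c, n);
    run[n] = '\0';
    return run;
}

int main(int argc, char **argv) {
    /* Order matters: privileges go first, argument parsing second. */
    if (drop_privileges() != 0) {
        perror("setuid");
        return 1;
    }
    const char *name = argc > 1 ? argv[1] : make_run('a', 1024);
    if (accept_filename(name) != 0) {
        fprintf(stderr, "filename too long (%zu bytes, limit %d)\n",
                strlen(name), NAME_BUF - 1);
        return 1;
    }
    puts("name accepted");
    return 0;
}
```

Run without arguments it feeds itself a 1024-byte name and prints the rejection; with a short argument it prints "name accepted". The privilege drop succeeds for an unprivileged user because setuid() to one's own real uid is always permitted, which is also why the check in drop_privileges() is cheap enough to keep in production code.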
Current thread:
- Re: [ Hackerslab bug_paper ] Linux dump buffer overflow Brett Lymn (Feb 29)
- Re: [ Hackerslab bug_paper ] Linux dump buffer overflow Joe Shaw (Mar 01)
- <Possible follow-ups>
- Re: [ Hackerslab bug_paper ] Linux dump buffer overflow H D Moore (Feb 29)
- Re: [ Hackerslab bug_paper ] Linux dump buffer overflow Derek Callaway (Mar 01)
- Foundry Networks ServerIron sequence predictability fix soon to be available Andrew van der Stock (Mar 01)
- Re: [ Hackerslab bug_paper ] Linux dump buffer overflow Przemyslaw Frasunek (Mar 01)
- Re: [ Hackerslab bug_paper ] Linux dump buffer overflow Ronald Huizer (Mar 04)
- OpenLinux 2.3: rpm_query harikiri (Mar 04)
- Re: [ Hackerslab bug_paper ] Linux dump buffer overflow Eugene Teo (Mar 02)
- Re: [ Hackerslab bug_paper ] Linux dump buffer overflow Derek Callaway (Mar 02)
- Re: [ Hackerslab bug_paper ] Linux dump buffer overflow Przemyslaw Frasunek (Mar 03)
- Potential security problem with mtr Viktor Fougstedt (Mar 03)
- Re: Potential security problem with mtr LaMont Jones (Mar 03)
- Re: Potential security problem with mtr Viktor Fougstedt (Mar 03)
- [RHSA-2000:006-01] New nmh packages available bugzilla () REDHAT COM (Mar 06)
- Microsoft Security Bulletin (MS00-015) Microsoft Product Security (Mar 06)
- @Stake Advisory: Microsoft Office 2000 ClipArt Vulnerablity Weld Pond (Mar 07)
- Re: @Stake Advisory: Microsoft Office 2000 ClipArt Vulnerablity Dustin Miller (Mar 07)
- Re: @Stake Advisory: Microsoft Office 2000 ClipArt Vulnerablity Weld Pond (Mar 08)
- Re: [ Hackerslab bug_paper ] Linux dump buffer overflow Derek Callaway (Mar 02)
- Problem with MacOS 9 Multiple Users and Netware AFP Don Lambert (Mar 03)