Re: core dump on mingetty and getty

[Sean Davis <dive () endersgame net>]

Tried this on NetBSD-current (i386)
syntax was: /usr/libexec/getty `perl -e 'print "A" x 9000'`
and all I got was a login prompt. looks safe to say that NetBSD does not
have this problem.

On Mon, Dec 03, 2001 at 01:33:58PM -0500, KF wrote:
> Getty is also vuln. Tested on Mandrake 8 and SCO unix 5.0.5 
>
> [elguapo@linux elguapo]$ /sbin/mingetty `perl -e 'print "A" x 9000'`
> Segmentation fault (core dumped)
> [elguapo@linux elguapo]$ /sbin/getty `perl -e 'print "A" x 9000'`
> Segmentation fault (core dumped)
> [elguapo@linux elguapo]$ uname -a
> Linux linux.ckfr.com 2.4.3-20mdk #1 Sun Apr 15 23:03:10 CEST 2001 i686
> unknown
> [elguapo@linux elguapo]$ cat /etc/redhat-release
> Linux Mandrake release 8.0 (Traktopel) for i586
>
> # /etc/getty `perl -e 'print "A" x 9000'`
> Memory fault - core dumped
> # uname -a
> SCO_SV unixdev 3.2 5.0.5 i386
>
> root () sco checkfree com #/etc/getty `perl -e 'print "A" x 9000'`
> Memory fault - core dumped
> root () sco checkfree com #uname -a
> SCO_SV sco 3.2 5.0.6 i386
>
> Getty:
> Program received signal SIGSEGV, Segmentation fault.
> 0x40058b66 in getenv () from /lib/libc.so.6
> (gdb) bt
> #0  0x40058b66 in getenv () from /lib/libc.so.6
> #1  0x400a6bb3 in _IO_file_close_it () from /lib/libc.so.6
> #2  0x400ab1f5 in mallopt () from /lib/libc.so.6
> #3  0x400a716d in malloc () from /lib/libc.so.6
> #4  0x4009998e in fopen () from /lib/libc.so.6
> #5  0x0804d029 in send ()
> #6  0x41414141 in ?? ()
> Cannot access memory at address 0x41414141
>
> mingetty:
> Starting program: /sbin/mingetty `perl -e 'print "A" x 9000'`
> (no debugging symbols found)...
> Program received signal SIGSEGV, Segmentation fault.
> 0x4007bab7 in vfprintf () from /lib/libc.so.6
> (gdb) bt
> #0  0x4007bab7 in vfprintf () from /lib/libc.so.6
> #1  0x40097722 in vsprintf () from /lib/libc.so.6
> #2  0x08048ec9 in alarm ()
> #3  0x41414141 in ?? ()
> Cannot access memory at address 0x41414141
>
> -KF 
>
>
> smackenz wrote:
> > *nix Issue - Anyone with 'mingetty':
> >
> > After all the vi overflows, and wu-ftpd etc recently I thought I would have a
> > sniff around a default redhat 7.1 box too see what I could find.  Anyway I
> > managed to dump core on /sbin/mingetty and thought it would be worth
> > reporting:
> >
> > See below for the shell out:
> >
> > [m0le@mainframe m0le]$ /sbin/mingetty `perl -e 'print "A"x9000'`
> > Segmentation fault (core dumped)
> > [m0le@mainframe m0le]$ id
> > uid=500(m0le) gid=500(m0le) groups=500(m0le)
> >
> > (standard user account)
> >
> > This only works by doing this:
> >
> > /sbin/mingetty `perl -e 'print "A"x9000'`
> >
> > when I did the following:
> >
> > [m0le@mainframe m0le]$ cd /sbin
> > [m0le@mainframe /sbin]$ ./mingetty `perl -e 'print "A"x9000'`
> > Segmentation fault
> > [m0le@mainframe /sbin]$
> >
> > No core dump....  It doesn't seem to dump in the sbin directory, however I've
> > successfully dumped from several other dir's.
> >
> > I am running a RedHat7.1.  I would appreciate some feedback from other
> > distros whith mingetty running.
> >
> > Thanks
> >
> > Scott Mackenzie.

-- 
/~\ The ASCII                       Sean Davis
\ / Ribbon Campaign                 aka dive-o
 X  Against HTML
/ \ Email!                      dive () endersgame net