Re: Can anyone verify a core dump on /sbin/mingetty - FOLLOW UP - Getty also dumping - AGETTY too

[KF <dotslash () snosoft com>]

Actually agetty IS vulnerable... it just needed a little more lovin. 

[root@linux elguapo]# agetty `perl -e 'print "A" x 9000'` `perl -e
'print "A" x
 9000'`
Segmentation fault (core dumped)

-KF 


Bill Weiss wrote:
> Scott Mackenzie(smackenz () brad ac uk)@Mon, Dec 03, 2001 at 08:07:50PM +0000:
> > SEE MESSAGE :
> > 'Can anyone verify a core dump on /sbin/mingetty'
> > for the original post
> >
> > The reason why there is no core dump from /sbin is because I didn't have
> > write access - should have noticed that but there you go.
> >
> > Ok, bit more information:
> >
> > This problem is positive in the following systems:
> > * note there could and probably are more but I've only had word of the
> > following systems being tested
> >
> > Red-Hat 6.0 onwards (not tested any before) upto and including 7.2
> > Mandrake 8.0 2.4.3-20mdksmp (presumably similar to redhat here)
> > turbolinux 6.0
> > SCO unix 5.0.5
> >
> > (this information was quickly gathered by several people; thanks everyone)
>
> Slackware 7.0 (maybe 8.0) uses agetty, which is not vunerable, as far as I can tell.
> It just spits out a usage error.
>
> -- Bill Weiss