Re: uugetty mgetty also...

[Andrew Sharpe <asharpe () caldera com>]

Note that you are already root, the same as you were for OpenServer.
In OpenServer, getty looks like this:

$ ls -lL /etc/getty
---x------   1 bin      bin        59128 Jun  1  2001 /etc/getty
$

So, currently, I don't know how this could be exploited. It might be
more fruitful if you tried these tests as "nouser". It is true,
however, that getty does have a buffer overflow the way you invoked
it, and for that reason it needs to be fixed, and will be.

        Andrew


On Mon, Dec 03, 2001 at 06:09:21PM -0500, KF wrote:
> Ok this is about down to shits and giggles...I would assume about
> anything 
> with getty in its name COULD have the same issue... how this is
> abused... 
> who knows at the moment...But these also suffer from the command line
> overflow. 
>
> [root@linux elguapo]# uugetty `perl -e 'print "A"x 9000'`
> Segmentation fault (core dumped)
>
> [root@linux elguapo]# mgetty `perl -e 'print "A"x 9000'`
> Segmentation fault (core dumped)
>
>
> -KF
>
>
> KF wrote:
> > Why do we care... because I am joe schmoe_cant_code_a_lick_of_c and I
> > make retarded mistakes
> > in my code. (Stupid examples follow).
> > #include <stdio.h>
> > void main(int *argc, char **argv)
> > {
> >         char *runme[2];
> >         setuid(0);
> >         setgid(0);
> >         runme[0] = argv[1];
> >         runme[1] = 0;
> >         execve("/sbin/getty", runme, 0);
> > }
> >
> > For that matter...m4 is a userland non-privileged level program ... yet
> > it led to a man exploit.
> > Flames > /dev/null ... comments welcome.
> >
> > -KF
> >
> > fish stiqz wrote:
> > > My question.. why do we care if a userland non-privileged program has
> > > a trivial buffer overflow vulnerability?  This seems like a complete
> > > waste of time.  Who cares???!?!?!
> > >
> > > --
> > > fish stiqz <fish () synnergy net>
> > > Synnergy Networks: http://www.synnergy.net/