Vulnerability Development mailing list archives
Re: uugetty mgetty also...
From: Andrew Sharpe <asharpe () caldera com>
Date: Mon, 3 Dec 2001 16:48:18 -0800
Note that you are already root, the same as you were for OpenServer.
In OpenServer, getty looks like this:

$ ls -lL /etc/getty
---x------ 1 bin bin 59128 Jun 1 2001 /etc/getty
$

So, currently, I don't know how this could be exploited. It might be more fruitful if you tried these tests as "nouser".

It is true, however, that getty does have a buffer overflow the way you invoked it, and for that reason it needs to be fixed, and will be.

Andrew

On Mon, Dec 03, 2001 at 06:09:21PM -0500, KF wrote:
> Ok this is about down to shits and giggles...I would assume about anything with getty in its name COULD have the same issue... how this is abused... who knows at the moment...But these also suffer from the command line overflow.
>
> [root@linux elguapo]# uugetty `perl -e 'print "A"x 9000'`
> Segmentation fault (core dumped)
> [root@linux elguapo]# mgetty `perl -e 'print "A"x 9000'`
> Segmentation fault (core dumped)
>
> -KF
>
> KF wrote:
> > Why do we care... because I am joe schmoe_cant_code_a_lick_of_c and I make retarded mistakes in my code. (Stupid examples follow).
> >
> > #include <stdio.h>
> > void main(int *argc, char **argv)
> > {
> >     char *runme[2];
> >     setuid(0);
> >     setgid(0);
> >     runme[0] = argv[1];
> >     runme[1] = 0;
> >     execve("/sbin/getty", runme, 0);
> > }
> >
> > For that matter...m4 is a userland non-privileged level program ... yet it led to a man exploit.
> >
> > Flames > /dev/null ... comments welcome.
> > -KF
> >
> > fish stiqz wrote:
> > > My question.. why do we care if a userland non-privileged program has a trivial buffer overflow vulnerability? This seems like a complete waste of time. Who cares???!?!?!
> > >
> > > --
> > > fish stiqz <fish () synnergy net>
> > > Synnergy Networks: http://www.synnergy.net/
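
Added example, not part of the original thread and not code from any of the posters: a privileged wrapper like the one quoted above can bound and validate the argument before it reaches getty, independent of the fix to getty itself. It assumes the forwarded argument is a tty line name; `line_arg_ok`, the 32-byte limit and the allowed character set are hypothetical choices.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MAX_LINE_ARG 32   /* assumed bound; tty line names are short */

/* Returns 1 if arg looks like a tty line name, 0 otherwise.
 * Only [A-Za-z0-9/_] is accepted, so option-like ("-x") and
 * oversized arguments are rejected before any exec happens. */
int line_arg_ok(const char *arg)
{
    size_t i;

    if (arg == NULL)
        return 0;
    for (i = 0; arg[i] != '\0'; i++) {
        char c = arg[i];
        if (i >= MAX_LINE_ARG)          /* longer than the bound */
            return 0;
        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
              (c >= '0' && c <= '9') || c == '/' || c == '_'))
            return 0;
    }
    return i > 0;                       /* empty string is rejected */
}

int main(int argc, char **argv)
{
    char *child_argv[3];
    /* Fixed, minimal environment instead of the caller's. */
    char *child_envp[] = { "PATH=/sbin:/bin", NULL };

    if (argc != 2 || !line_arg_ok(argv[1])) {
        fprintf(stderr, "usage: %s <tty line>\n",
                argc > 0 ? argv[0] : "wrapper");
        return 1;
    }
    child_argv[0] = "getty";            /* real argv[0], not user data */
    child_argv[1] = argv[1];
    child_argv[2] = NULL;
    execve("/sbin/getty", child_argv, child_envp);
    perror("execve");                   /* reached only on failure */
    return 1;
}
```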