Vulnerability Development mailing list archives
Re: Can anyone verify a core dump on /sbin/mingetty
From: Derry Hamilton <derry.hamilton () pa press net>
Date: Tue, 04 Dec 2001 11:47:12 +0000
This appears to be the case with the Debian version as well. It is due to an unprotected strcat in open_tty(void). This is trivially fixed as follows: 163a164
#define BUFLEN 20
165c166 < char buf[20]; ---
char buf[BUFLEN];
166a168
int bufremaining=BUFLEN;
183c185,186 < strcat (buf, tty); ---
bufremaining -= strlen(buf); strncat (buf, tty,bufremaining);
There are unprotected buffers all over the place in mingetty.c, which leads me to conclude that other buffer overflows are very likely.
*nix Issue - Anyone with 'mingetty':
After all the vi overflows, and wu-ftpd etc recently I thought I would have a sniff around a default redhat 7.1 box too see what I could find. Anyway I managed to dump core on /sbin/mingetty and thought it would be worth reporting: [m0le@mainframe /sbin]$ ./mingetty `perl -e 'print "A"x9000'` Segmentation fault [m0le@mainframe /sbin]$
-- Derry Hamilton, rasilon () tardis ed ac uk "I think your cats need tuning - according to a couple of quick measurements on a recently calibrated reference cat, the dominant frequency of a correctly adjusted cat should be 12Hz +/-20%." ===Lionel Lauer on a.s.r===
Current thread:
- Re: Can anyone verify a core dump on /sbin/mingetty - FOLLOW UP - Getty also dumping - AGETTY too, (continued)
- Re: Can anyone verify a core dump on /sbin/mingetty - FOLLOW UP - Getty also dumping - AGETTY too KF (Dec 03)
- Re: Can anyone verify a core dump on /sbin/mingetty - FOLLOW UP - Getty also dumping core Jeffrey Denton (Dec 03)
- Re: Can anyone verify a core dump on /sbin/mingetty - FOLLOW UP - Getty also dumping core Matias Sedalo (Dec 04)
- Re: Can anyone verify a core dump on /sbin/mingetty - FOLLOW UP - Getty also dumping core Przemyslaw Frasunek (Dec 03)
- Re: Can anyone verify a core dump on /sbin/mingetty jon schatz (Dec 03)
- Message not available
- Re: Can anyone verify a core dump on /sbin/mingetty jon schatz (Dec 03)
- Message not available
- Re: Can anyone verify a core dump on /sbin/mingetty David Klann (Dec 03)
- RE: Can anyone verify a core dump on /sbin/mingetty Darian Lanx (Dec 03)
- Re: Can anyone verify a core dump on /sbin/mingetty dr john halewood (Dec 04)
- Re: Can anyone verify a core dump on /sbin/mingetty dvdman dvdman (Dec 03)
- Re: Can anyone verify a core dump on /sbin/mingetty Derry Hamilton (Dec 04)