Vulnerability Development mailing list archives

Re: uugetty mgetty also...

From: Rodrigo Barbosa <rodrigob () bh conectiva com br>
Date: Tue, 4 Dec 2001 13:45:51 -0200

Reproduced on Conectiva Linux 7.0.

So far:

mingetty: Not vulnerable
getty: Vulnerable
uugetty: Vulnerable
mgetty: Not vulnerable (only root can execute)

And there goes a question: is there any reason to someone other than root 
have execute permission ? mgetty is 700 here.


On Mon, Dec 03, 2001 at 06:09:21PM -0500, KF wrote:

Ok this is about down to shits and giggles...I would assume about
anything 
with getty in its name COULD have the same issue... how this is
abused... 
who knows at the moment...But these also suffer from the command line
overflow. 

[root@linux elguapo]# uugetty `perl -e 'print "A"x 9000'`
Segmentation fault (core dumped)

[root@linux elguapo]# mgetty `perl -e 'print "A"x 9000'`
Segmentation fault (core dumped)


-- 
 Rodrigo Barbosa                   - rodrigob at bh.conectiva.com.br
 Conectiva S/A                     - Belo Horizonte, MG, Brazil
 "Quis custodiet ipsos custodiet?" - http://www.conectiva.com/

Attachment: _bin
Description:

Current thread:

Re: core dump on mingetty and getty KF (Dec 03)
- Re: core dump on mingetty and getty Michal Zalewski (Dec 03)
- uugetty mgetty also... KF (Dec 03)
  - Re: uugetty mgetty also... Andrew Sharpe (Dec 03)
  - Re: uugetty mgetty also... Rodrigo Barbosa (Dec 04)
    - Message not available
    - Re: uugetty mgetty also... Rodrigo Barbosa (Dec 05)
- sadc Segmentation Fault smackenz (Dec 03)