Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Segfault in login on debian potatoR2

From: Charles Stevenson <core () EZLINK COM>
Date: Sat, 10 Mar 2001 15:28:28 -0700
Mike Fedyk wrote:


I don't know if this could be exploited is any way, but here's something
that I've seen.  This is on x86 on two machines and a ppc g3.

#su
#login
login:
^D
Segmentation fault

Maybe you guys can check this more.


Tested on debian ppc and couldn't get it to segfault.. I just get invalid
login... but on Yellow Dog (RH 6.2 derivative) it does:

[csteven@ash csteven]$ cat /etc/redhat-release
Champion Server release 1.2
[csteven@ash csteven]$ login
login: ^D
login: ^D
Segmentation fault

Also the `su' isn't needed for me to segfault it.

On my x86 debian box:
core@devastator:~$ cat /etc/debian_version
testing/unstable
core@devastator:~$ login
No utmp entry.  You must exec "login" from the lowest level "sh"

And another deb x86:

[-(core@pantera:~)> login
No utmp entry.  You must exec "login" from the lowest level "sh"
[-(core@pantera:~)> cat /etc/debian_version
2.2

Best Regards,
Charles "core" Stevenson



Mike

--
To UNSUBSCRIBE, email to debian-security-request () lists debian org
with a subject of "unsubscribe". Trouble? Contact
listmaster () lists debian org
Previous By Date Next
Previous By Thread Next

Current thread: