Vulnerability Development mailing list archives

the joke continues


From: Izik <izik () tty64 org>
Date: Mon, 12 Nov 2001 11:40:22 +0200

Hello

After looking at the vim buffer overflow, I couldn't help wondering whether other editors would be bugged as well. To my surprise I've found 3 more programs (mcedit, ed, joe). But then again none of them are suid, so it's harmless.

(root@izik [~])# uname -a
Linux izik 2.2.19 #93 Thu Jun 21 01:09:03 PDT 2001 i686 unknown
(root@izik [~])# cat /etc/slackware-version
8.0.0 (åtta)
(root@izik [~])#

[mcedit (part of The Midnight Commander 4.5.51)]

(root@izik [~])# ls -la /usr/bin/mcedit
lrwxrwxrwx 1 root root 2 Jul 2 17:50 /usr/bin/mcedit -> mc*
(root@izik [~])#

I've found one segfault; the buffer should be at least 4048 bytes. I couldn't manage to debug it through gdb for obvious reasons (ncurses).

[ed (no idea what version)]

(root@izik [~])# ls -al /bin/ed
-rwxr-xr-x    1 root     bin         67396 May 31 00:17 /bin/ed*
(root@izik [~])#

I've found 4 segfaults, in different functions via different buffers.

(segfault #1 , 4100 - 4140)
Program received signal SIGSEGV, Segmentation fault.
chunk_free (ar_ptr=0x4012acc0, p=0x805b318) at malloc.c:3083
3083    malloc.c: No such file or directory.

(segfault #2 , 4141 - 4152)
Program received signal SIGSEGV, Segmentation fault.
__libc_free (mem=0x41414141) at malloc.c:3039
3039    malloc.c: No such file or directory.

(segfault #3 , 4153 - 4175)
Program received signal SIGSEGV, Segmentation fault.
0x4008c1f6 in _IO_old_fclose (fp=0x805b320) at oldiofclose.c:55
55      oldiofclose.c: No such file or directory.

(segfault #4 , 4176 - .... )
Program received signal SIGSEGV, Segmentation fault.
0x4008c1f6 in _IO_old_fclose (fp=0x805b320) at oldiofclose.c:55
55      oldiofclose.c: No such file or directory.

[joe (v2.9.5)]

(root@izik [~])# ls -al /usr/bin/joe
-rwxr-xr-x    1 root     bin        174908 Apr  9  2001 /usr/bin/joe*
(root@izik [~])#

I pressed Ctrl+C after the buffer was processed; you can segfault in different functions depending on your action in the program.
(segfault #1 , 1024)

(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x41414141 in ?? ()

--

izik @ http://www.tty64.org
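The post reports crashes at input lengths just above 4096 bytes and a pointer that gdb shows as 0x41414141 (four 'A's) being passed to free() or jumped to. The following is an added illustration, not code from the post or from ed, joe or mcedit: it assumes a hypothetical layout in which a fixed 4096-byte line buffer sits directly in front of a pointer-sized field, sweeps 'A' payloads of increasing length the way a crash-length search does, and reports at which length the neighbouring field is clobbered and what value it then holds. The bounded variant beside it shows the check that keeps the field intact. The struct, the LINE_SIZE and SAVED_PTR constants and all function names are assumptions for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed layout for illustration only (not the real layout of ed, joe or mcedit):
 * a fixed 4096-byte line buffer followed by a 32-bit field the program later
 * passes to free() or calls through. SAVED_PTR is a constructed stand-in for a
 * heap address of the kind seen in the gdb output. */
#define LINE_SIZE 4096
#define SAVED_PTR 0x0805b320u

struct editor_state {
    char line[LINE_SIZE];
    uint32_t saved_ptr;
};

/* Fill buf with n bytes of 'A' (0x41) and a terminator; buf must hold n+1 bytes. */
static void make_payload(char *buf, size_t n) {
    memset(buf, 'A', n);
    buf[n] = '\0';
}

/* Vulnerable variant: copies the whole input, terminator included, with no
 * check that it fits in line[]. The copy targets the struct object as a whole
 * so the demo stays well-defined C; strcpy()/gets() into line[] would reach the
 * same state in a real program. Returns the field's value after the copy. */
static uint32_t vulnerable_load(size_t n) {
    struct editor_state st;
    char *payload = malloc(n + 1);
    if (!payload) return SAVED_PTR;
    make_payload(payload, n);
    st.saved_ptr = SAVED_PTR;
    size_t len = n + 1;
    if (len > sizeof st) len = sizeof st;   /* demo guard: never write past the object */
    memcpy(&st, payload, len);
    free(payload);
    return st.saved_ptr;
}

/* Hardened variant: bounded copy into line[], always NUL-terminated.
 * Sets *truncated to 1 if the input did not fit; returns the field's value. */
static uint32_t safe_load(size_t n, int *truncated) {
    struct editor_state st;
    char *payload = malloc(n + 1);
    if (!payload) return SAVED_PTR;
    make_payload(payload, n);
    st.saved_ptr = SAVED_PTR;
    size_t len = n < LINE_SIZE - 1 ? n : LINE_SIZE - 1;
    memcpy(st.line, payload, len);
    st.line[len] = '\0';
    *truncated = n > LINE_SIZE - 1;
    free(payload);
    return st.saved_ptr;
}

/* Length sweep in the spirit of the post's "4100 - 4140" buckets: the smallest
 * n in [lo, hi] whose payload changes the saved field, or 0 if none does. */
static size_t smallest_corrupting_len(size_t lo, size_t hi) {
    for (size_t n = lo; n <= hi; n++)
        if (vulnerable_load(n) != SAVED_PTR) return n;
    return 0;
}

int main(void) {
    size_t first = smallest_corrupting_len(4000, 4200);
    printf("first corrupting length: %zu\n", first);
    size_t lens[] = { 4000, 4096, 4099, 4100 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        int trunc = 0;
        printf("n=%zu  vulnerable: 0x%08x  bounded: 0x%08x (truncated=%d)\n",
               lens[i], vulnerable_load(lens[i]), safe_load(lens[i], &trunc), trunc);
    }
    return 0;
}
```

With the assumed layout the field is first touched at n = 4096 (the copied terminator lands on its first byte) and reads 0x41414141 once n reaches 4100, which is the value pattern behind `__libc_free (mem=0x41414141)` and `0x41414141 in ?? ()` in the gdb output; the bounded variant leaves it at SAVED_PTR for every length.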

