Vulnerability Development mailing list archives
Re: xmalloc buffer overflow?
From: Syzop <syz () dds nl>
Date: Fri, 09 Nov 2001 20:21:01 +0100
1. You were logged in as root (or as another user and su'd to root) 2. You executed 'su - nobody' 3. You executed the perl command which tried to alloc a lot of memory 4. Your box was out of memory and your shell started at 2 was killed, which brought you back at your rootshell (1). ? Syzop. Robert Freeman wrote:
Can anybody else verify these results? It doesn't matter what `perl -e 'print "." x 90000000'` is appended to, I just chose vi (the vi buffer overflow being my inspiration). Please use the exploit responsibly; also if it is redundant, I apologize. # uname -a Linux linux 2.4.4-4GB #1 Fri May 18 14:11:12 GMT 2001 i686 unknown [I know about the clock...] # id uid=500(nobody) gid=100(users) groups=100(users) # vi `perl -e 'print "." x 90000000'` bash: xmalloc: cannot allocate 90000001 bytes (0 bytes allocated) # id uid=0(root) gid=0(root) groups=0(root),1(bin),14(uucp),15(shadow),16(dialout),17(audio),65534(nogrou p) Robert Freeman
Current thread:
- Vi buffer overflow KF (Nov 08)
- Re: Vi buffer overflow Jose Nazario (Nov 08)
- xmalloc buffer overflow? Robert Freeman (Nov 09)
- Re: xmalloc buffer overflow? dotslash (Nov 09)
- Re: xmalloc buffer overflow? Gwendolynn ferch Elydyr (Nov 09)
- Re: xmalloc buffer overflow? Christoph Moench-Tegeder (Nov 09)
- Re: xmalloc buffer overflow? Syzop (Nov 09)
- Re: xmalloc buffer overflow? Lucian Hudin (Nov 09)
- luser beeing able to kill random root owned procs (linux 2.2.20) ? Lucian Hudin (Nov 09)
- Re: xmalloc buffer overflow? Vasisht Tadigotla (Nov 09)
- Re: xmalloc buffer overflow? Kev (Nov 09)
- Re: xmalloc buffer overflow? dotslash (Nov 09)
- Re: Vi buffer overflow Rob Paisley (Nov 13)
- <Possible follow-ups>
- Re: vi buffer overflow Kaneda Akira (Nov 09)
- Re: vi buffer overflow Emmanuel BENOIT (Nov 09)
- Re: vi buffer overflow Matias Sedalo (Nov 09)
- Re: vi buffer overflow Thomas Graf (Nov 09)
- Re: vi buffer overflow walter valenti (Nov 09)
- Re: vi buffer overflow Emmanuel BENOIT (Nov 09)
(Thread continues...)