Vulnerability Development mailing list archives

artsd overflow


From: Fuska <fuska () phreaker net>
Date: Fri, 4 Jan 2002 02:48:53 +0100

-----BEGIN PGP SIGNED MESSAGE-----


  Happy new year.

  Take a look at this:

r00t:~$ ls -las `which artswrapper` `which artsd`
4 -rwsr-xr-x    1 root     root     4048 Dec 28 22:43 /usr/bin/artswrapper*
120 -rwxr-xr-x  1 root     root   117644 Dec 28 22:43 /usr/bin/artsd*


r00t:~$ artsd -m `perl -e 'print "A"x3000'`
Segmentation fault

r00t:~$ gdb artsd
GNU gdb 5.1
Copyright 2001 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-linux"...(no debugging symbols found)...
(gdb) r -m `perl -e 'print "A"x3000'`
Starting program: /usr/bin/artsd -m `perl -e 'print "A"x3000'`
-----------cut--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 11372)]
0x41414141 in ?? ()


r00t:~$ artswrapper -m `perl -e 'print "A"x3000'`
 running as realtime process now (priority 50)
Segmentation fault

  Is this exploitable?


r00t:~$ dpkg -s libarts | grep Version
Version: 4:2.2.2-10

  Using Debian Sid.

--
Linux registered User #142704                        PGP key:
http://www.keyserver.net:11371/pks/lookup?search=Fuska&op=get
Fingerprint = F6B3 B665 95FA B9D0 13FD 72D5 5106 22F7 58BD 7EDE
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 "You impose the law of silence on me because you are afraid that this, your
 world, is not the best of worlds but the worst, the most sordid." - Dario Fo
 "You are in a dark room with a compiler, emacs, an internet connection, and a
 thermos of coffee. Your move?"


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
MessageID: 4q2WLd8+MvqQK9xhebZuGUc7ZoVx6F/z

iQA/AwUAPDUKDFEGIvdYvX7eEQK+mwCglluFmjdk/L3YvHl40iUIReX1s+4AoJkm
WvVT8je7pBYymCdaaGbTUr0H
=P17j
-----END PGP SIGNATURE-----
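A saved return address of 0x41414141 after passing 3000 "A" bytes as the `-m` argument is the classic symptom of a command-line argument being copied into a fixed-size stack buffer with no length check. The arts source is not on the page, so the snippet below is an added illustration, not the artsd or artswrapper code: the buffer size `OPT_MAX`, the `-m <name>` parser and the helper names are assumptions chosen for the example. It shows the unsafe pattern in a comment and a bounded replacement that rejects an over-long argument instead of overflowing or silently truncating, which is the fix a setuid-root wrapper such as artswrapper needs.

```c
#define _POSIX_C_SOURCE 200809L   /* for strnlen */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed size of the fixed stack buffer that "-m <name>" is copied into.
 * The real artsd buffer size is not on the page; 256 is an example value. */
#define OPT_MAX 256

/* The unsafe pattern (comment only, never executed here): with no length
 * check, an argument longer than the buffer overwrites the saved frame data,
 * which is why gdb reports 0x41414141 as the faulting address.
 *
 *     char name[OPT_MAX];
 *     strcpy(name, argv[i]);
 */

/* Bounded copy of an option argument.  Returns 0 on success and -1 when the
 * argument (plus its terminator) would not fit, so the caller can reject the
 * input rather than truncate it or overflow the buffer. */
int copy_option_arg(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;
    /* strnlen stops after dstsz bytes, so a huge argv entry is never scanned to its end */
    size_t n = strnlen(src, dstsz);
    if (n >= dstsz)           /* no room for the NUL terminator: reject */
        return -1;
    memcpy(dst, src, n + 1);  /* copies the terminator as well */
    return 0;
}

/* Constructed test input: n copies of c, mirroring perl -e 'print "A"x3000'.
 * The caller frees the result. */
char *make_fill(size_t n, char c)
{
    char *s = malloc(n + 1);
    if (s == NULL)
        return NULL;
    memset(s, c, n);
    s[n] = '\0';
    return s;
}

/* Minimal option parser for "-m <name>" (hypothetical; not the real artsd
 * parser).  Returns 0 if every option was accepted, -1 if one was missing
 * its argument or the argument was rejected. */
int parse_options(int argc, char **argv, char *name, size_t namesz)
{
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-m") == 0) {
            if (i + 1 >= argc)
                return -1;
            if (copy_option_arg(name, namesz, argv[++i]) != 0)
                return -1;
        }
    }
    return 0;
}

int main(int argc, char **argv)
{
    char name[OPT_MAX] = "";
    if (parse_options(argc, argv, name, sizeof name) != 0) {
        fprintf(stderr, "invalid or over-long option argument\n");
        return 1;
    }
    printf("name = \"%s\"\n", name);
    return 0;
}
```

Running the compiled example with `-m` and 3000 "A"s exits with an error message instead of a segmentation fault; the same argument length that crashed artsd is simply refused. Rejecting rather than truncating is deliberate: a silently shortened name can still be wrong in ways the caller will not notice, whereas a refused one is visible in logs.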

