Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

m64config

From: alex medvedev <alexm () pycckue org>
Date: Mon, 17 Jun 2002 11:37:34 -0500 (CDT)
hallo,

the following happens on solaris sparc 7 and 9, did not test others.
by supplying an invalid resolution ("1" in this case) the suid binary 
generates a bus error. 
i wonder if it is exploitable because i do not see a way of overwriting 
any memory...

# uname -a
SunOS solaris9 5.9 Generic sun4u sparc SUNW,Ultra-5_10
# ls -l /usr/sbin/m64config
-r-sr-xr-x   1 root     bin        28816 Jan 29 12:53 /usr/sbin/m64config
# /usr/sbin/m64config -res 1
m64config: Ambigous value for -res option. Possible values are: 
1024x768x87, 1024x768x60, 1024x768x70, 1024x768x75, 1280x1024x75, 
1024x768x85, 1280x1024x60, 1152x900x66, 1152x900x76, 1280x1024x67, 
1600x1280x76, 1920x1080x72, 1280x800x76, 1440x900x76, 1600x1000x66, 
1600x1000x76, 1920x1200x70, 1280x1024x85, 1280x1024x76, 1152x864x75, 
1600x1200x75, 1600x1200x60, 1024x768x85, 1152, 1280, 1024x768, 1280x1024, 
1152x900, 1600x1280, 1920x1080, 1600x1000, 1920x1200, 1600x1200.

Bus Error - core dumped



-alexm
Previous By Date Next
Previous By Thread Next

Current thread: