Vulnerability Development mailing list archives

Re: /usr/bin/addresses seg fault


From: Sebastian Krahmer <krahmer () suse de>
Date: Mon, 25 Mar 2002 14:55:39 +0100 (CET)

On Fri, 22 Mar 2002, Blue R wrote:

Hi,

-rwxr-xr-x    1 root     root         8232 Sep 20  2001 /usr/bin/addresses

The /usr/bin/addresses binary belongs to the pilot-link package, but it is
neither +s nor does it run as a daemon. So even if there is
an overflow inside, it is of no use to attackers.

regards,
Sebastian

Hi,
I am using 2.4.10 and SuSE 7.1. The binary 'addresses' does not give much information: it has no version option,
man page, etc. But it has the following behaviour:

r@blue:~ > addresses
usage:addresses /dev/cua??

r@blue:~ > addresses `perl -e 'print "A" x 131'`
pi_bind: No such file or directory

r@blue:~ > addresses `perl -e 'print "A" x 132'`
Segmentation fault

r@blue:~ >gdb ./addresses
GNU gdb 5.0
Copyright 2000 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-suse-linux"...(no debugging symbols found)...
(gdb) set args `perl -e 'print "A" x 132'`
(gdb) r
Starting program: /home/r/AUDIT/TEST/./addresses `perl -e 'print "A" x 132'`
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x400afdbb in getenv () from /lib/libc.so.6
(gdb) info reg
eax            0xbf004141       -1090502335
ecx            0x8049ff0        134520816
edx            0x4950   18768
ebx            0x40198828       1075415080
esp            0xbffeee94       0xbffeee94
ebp            0xbffeeebc       0xbffeeebc
esi            0xbffff500       -1073744640
edi            0x4002a622       1073915426
eip            0x400afdbb       0x400afdbb
eflags         0x210286 2163334
cs             0x23     35
ss             0x2b     43
ds             0x2b     43
es             0x2b     43
fs             0x0      0
gs             0x0      0
fctrl          0x37f    895
fstat          0x0      0
ftag           0xffff   65535
fiseg          0x23     35
fioff          0x4086106b       1082527851
foseg          0x2b     43
fooff          0xbfffec18       -1073746920
fop            0x518    1304

Regards,
B.




-- 
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse de - SuSE Security Team
~
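The following is an added example and is not pilot-link's source, which this thread never shows; the function names, the buffer size and the /dev/ policy are assumptions made for illustration. Sebastian's triage comes first: the `-rwxr-xr-x` listing at the top of the thread has no s bit, so the crash crosses no privilege boundary. What the example shows is the code-level pattern that produces a report like Blue R's (an unbounded copy of argv[1] into a fixed stack buffer, where a 132-byte argument clobbers whatever the compiler placed next to the buffer; a register such as eax = 0xbf004141 is consistent with two 'A' bytes plus the terminating NUL landing in the low bytes of a 0xbfxxxxxx stack address) beside a bounds-checked replacement. The buffer size 132 is chosen only so that the hardened copy draws its line at the same argument length the report observed; the real size is not known from this thread.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Assumed buffer size (see lead-in): rejects at the same length, 132,
 * that the report above observed crashing. Not pilot-link's real value. */
#define DEV_MAX 132

/* Vulnerable pattern (hypothetical, for comparison only; never call it with
 * untrusted input): argv[1] copied into a fixed local buffer with no length
 * check. Bytes past DEV_MAX overwrite neighbouring stack slots, such as
 * saved pointers, which is the kind of corruption the gdb output suggests. */
int parse_device_vuln(const char *arg)
{
    char dev[DEV_MAX];
    strcpy(dev, arg);            /* no bound: overflows when strlen(arg) >= DEV_MAX */
    return (int)strlen(dev);
}

/* Hardened form: refuse anything that does not fit, NUL terminator included. */
int copy_device_safe(const char *arg, char *dev, size_t devlen)
{
    size_t n = strlen(arg);
    if (n == 0) {
        errno = EINVAL;
        return -1;
    }
    if (n >= devlen) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(dev, arg, n + 1);     /* n + 1 <= devlen, so this stays in bounds */
    return 0;
}

/* Extra policy check, an assumption about what a serial-port tool should
 * accept rather than anything the thread states: the name must be under
 * /dev/ and must not walk back out of it. */
int device_path_ok(const char *dev)
{
    size_t n;
    if (strncmp(dev, "/dev/", 5) != 0)
        return 0;
    if (strstr(dev, "/../") != NULL)
        return 0;
    n = strlen(dev);
    if (n >= 3 && strcmp(dev + n - 3, "/..") == 0)
        return 0;
    return 1;
}

/* Helpers: a static destination and a way to build an argument of n 'A'
 * bytes, mirroring the perl one-liners in the report. */
static char g_dev[DEV_MAX];

int copy_arg(const char *arg)
{
    return copy_device_safe(arg, g_dev, sizeof g_dev);
}

const char *last_dev(void)
{
    return g_dev;
}

int try_arg_len(size_t n)
{
    static char arg[1024];
    if (n >= sizeof arg)
        return -1;
    memset(arg, 'A', n);
    arg[n] = '\0';
    return copy_arg(arg);
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s /dev/cua??\n", argv[0]);
        return 1;
    }
    if (copy_arg(argv[1]) != 0) {
        perror("device name");      /* 132 'A's now fails here instead of in getenv() */
        return 1;
    }
    if (!device_path_ok(last_dev())) {
        fprintf(stderr, "refusing device outside /dev/: %s\n", last_dev());
        return 1;
    }
    printf("would open %s\n", last_dev());
    return 0;
}
```

Run it with the same perl one-liners as in the report: 131 'A's passes the length check and is then rejected by the /dev/ policy, 132 'A's is rejected before any copy happens. Whether a fix like this matters for security is still governed by Sebastian's point: with no setuid bit and no daemon, an attacker who can pass the argument already runs with the same privileges as the program.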


