Bugtraq: Re: [ Hackerslab bug_paper ] Linux dump buffer overflow

From: Eugene Teo <eugeneteo_at_EUGENETEO.NET>
Date: Fri, 3 Mar 2000 00:16:45 +0800

Server running Redhat 6.1 doesn't seem to be vulnerable to this. Like
NetBSD, it just returns a filename too long error.

Anyhow, I remove the suid bit from dump.

--
Eugene Teo - http://www.eugeneteo.net - http://linux.com.sg
Email: eugeneteo_at_eugeneteo.net, eugeneteo_at_linux.com.sg
----- Original Message -----
From: 김용준 KimYongJun (class of '99) <s96192_at_CE.HANNAM.AC.KR>
To: <BUGTRAQ_at_SECURITYFOCUS.COM>
Sent: Monday, February 28, 2000 2:17 PM
Subject: [ Hackerslab bug_paper ] Linux dump buffer overflow
> [ Hackerslab bug_paper ] Linux dump buffer overflow
>
>
> File   :   /sbin/dump
>
> SYSTEM :   Linux
>
>
> INFO :
>
>
> The problem occurs when it gets the argument.
> It accepts the argument without checking out its length, and this causes the problem.
>
> It seems that this vulnerability also applies to RedHat Linux 6.2beta,
> the latest version.
>
>
> [loveyou_at_loveyou SOURCES]$ dump  -f a `perl -e 'print "x" x 556'`
>   DUMP: Date of this level 0 dump: Mon Feb 28 14:45:01 2000
>   DUMP: Date of last level  dump: the epoch
>   DUMP: Dumping
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx to a
>
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx: ÆÄÀÏ À̸§ÀÌ ³Ê¹« ±é´Ï´Ù
while opening filesystem
>   DUMP: SIGSEGV: ABORTING!
> Segmentation fault
>
> [loveyou_at_loveyou SOURCES]$ dump  -f a `perl -e 'print "loveyou" x 556'`
>   DUMP: SIGSEGV: ABORTING!
> Segmentation fault    <=  occur ctime4()
>
>
> How to fix
> ----------
>
> patch :
>
> [root_at_loveyou SOURCES]# diff -ru dump-0.4b13/dump/main_orig.c dump-0.4b13/dump/main.c
> --- dump-0.4b13/dump/main_orig.c        Mon Feb 28 14:40:01 2000
> +++ dump-0.4b13/dump/main.c     Mon Feb 28 14:40:57 2000
> @@ -273,6 +273,9 @@
>                 exit(X_STARTUP);
>         }
>         disk = *argv++;
> +        if ( strlen(disk) > 255 )
> +           exit(X_STARTUP);
> +
>         argc--;
>         if (argc >= 1) {
>                 (void)fprintf(stderr, "Unknown arguments to dump:");
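Review bot: the added strlen(disk) > 255 check exits with X_STARTUP without printing anything, and 255 is a bare constant that is not tied to the size of whatever buffer disk is later copied into (that buffer is not visible in this hunk). Print a message to stderr before exiting, as the "Unknown arguments to dump:" path just below does, and express the bound in terms of the destination's size, or bound the copy itself where disk is copied, so the check cannot drift from the buffer it protects.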
>
>
>
> hot fix :
> it is recommended that the suid bit is
> removed from dump using command :
>
>     chmod a-s /sbin/dump
>
>
>
>
> - Yong-jun, Kim -
> e - mail : loveyou_at_hackerslab.org       s96192_at_ce.hannam.ac.kr
> homepage : http://www.hackerslab.org    http://ce.hannam.ac.kr/~s96192
Received on Mar 01 2000
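
The report above attributes the crash to an argument accepted without a length check, and the reply notes that other systems answer with a "filename too long" error instead. The following is an added example, not code from dump 0.4b13 or from either poster: a checked copy of a command-line argument into a fixed buffer that rejects oversized input with ENAMETOOLONG. The names copy_arg_checked, make_arg and DISK_NAME_MAX, and the 256-byte size, are assumptions made for illustration.

```c
/* Added example; not dump's source. All names and sizes are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DISK_NAME_MAX 256   /* assumed destination size, not taken from dump */

/* Copy arg into dst (dstsz bytes). Returns 0 on success, ENAMETOOLONG if
 * arg plus its NUL does not fit, EINVAL on bad parameters. On error dst is
 * left as an empty string, so a caller that ignores the result cannot use
 * a truncated name. */
int copy_arg_checked(char *dst, size_t dstsz, const char *arg)
{
    if (dst == NULL || dstsz == 0 || arg == NULL)
        return EINVAL;
    dst[0] = '\0';
    /* Look for the terminator within the first dstsz bytes only. */
    const char *end = memchr(arg, '\0', dstsz);
    if (end == NULL)
        return ENAMETOOLONG;
    memcpy(dst, arg, (size_t)(end - arg) + 1);   /* includes the NUL */
    return 0;
}

/* Build a constructed argument of len 'x' characters (caller frees). */
char *make_arg(size_t len)
{
    char *s = malloc(len + 1);
    if (s == NULL)
        return NULL;
    memset(s, 'x', len);
    s[len] = '\0';
    return s;
}

int main(void)
{
    char disk[DISK_NAME_MAX];
    size_t lens[] = { 9, DISK_NAME_MAX - 1, DISK_NAME_MAX, 556 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        char *arg = make_arg(lens[i]);
        if (arg == NULL)
            return 1;
        int rc = copy_arg_checked(disk, sizeof disk, arg);
        printf("%zu bytes: %s\n", lens[i], rc ? strerror(rc) : "accepted");
        free(arg);
    }
    return 0;
}
```

Because the bound is taken from sizeof at the call site, changing the buffer size changes the limit with it.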