Bugtraq
mailing list archives
Re: [ Hackerslab bug_paper ] Linux dump buffer overflow
From: hdm () SECUREAUSTIN COM (H D Moore)
Date: Tue, 29 Feb 2000 20:57:41 -0600
Hi,
Confirmed this on SuSE 6.2. The magic number of bytes is 347. Dump is
not su/gid so this seems to be more of an annoyance than a security
issue for SuSE boxen (not sure of others).
-HD
"김용준 KimYongJun (99졸업)" wrote:
[ Hackerslab bug_paper ] Linux dump buffer overflow
File : /sbin/dump
SYSTEM : Linux
INFO :
The problem occurs when it gets the argument.
It accepts the argument without checking its length, and this causes the problem.
It seems that this vulnerability also applies to RedHat Linux 6.2beta,
the latest version.
[loveyou () loveyou SOURCES]$ dump -f a `perl -e 'print "x" x 556'`
DUMP: Date of this level 0 dump: Mon Feb 28 14:45:01 2000
DUMP: Date of last level dump: the epoch
DUMP: Dumping
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx to a
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:
파일 이름이 너무 깁니다 while opening filesystem
DUMP: SIGSEGV: ABORTING!
Segmentation fault
[loveyou () loveyou SOURCES]$ dump -f a `perl -e 'print "loveyou" x 556'`
DUMP: SIGSEGV: ABORTING!
Segmentation fault <= occurs in ctime4()
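
The missing length check described in the quoted report, shown in its hardened form as an added example; this is not code from the post or from dump's source. The buffer size `DISK_NAME_MAX` and the helper names `copy_path_arg` and `format_status` are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define DISK_NAME_MAX 256   /* assumed size, not taken from dump's source */

/* Copy a command-line path into a fixed buffer, rejecting oversized input
 * instead of truncating or overflowing. Returns 0 on success, -1 on error. */
int copy_path_arg(char *dst, size_t dstsz, const char *arg)
{
    const char *end;

    if (dst == NULL || arg == NULL || dstsz == 0) {
        errno = EINVAL;
        return -1;
    }
    end = memchr(arg, '\0', dstsz);  /* look for the NUL within dstsz bytes */
    if (end == NULL) {               /* argument plus NUL does not fit */
        errno = ENAMETOOLONG;
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, arg, (size_t)(end - arg) + 1);
    return 0;
}

/* Build a status line from checked arguments. snprintf returns the length it
 * needed, so truncation is reported to the caller instead of being ignored. */
int format_status(char *out, size_t outsz, const char *disk, const char *tape)
{
    int n = snprintf(out, outsz, "DUMP: Dumping %s to %s", disk, tape);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}

int main(void)
{
    char disk[DISK_NAME_MAX], line[64], big[557];

    memset(big, 'x', 556);           /* constructed input: 556 bytes, as in the post */
    big[556] = '\0';
    if (copy_path_arg(disk, sizeof disk, big) != 0)
        perror("argument rejected");
    if (copy_path_arg(disk, sizeof disk, "/dev/sda1") == 0 &&
        format_status(line, sizeof line, disk, "a") > 0)
        puts(line);
    return 0;
}
```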