hi all
I also tested succeed on solaris 9 which patched lastest patch.(Kernel version: SunOS 5.9 Generic 118558-02 Jan 2005).
It coredumped a executable file which can NOT be read.i think this is a vulnerability.
> hi ,dear friends:
>
> I have tested succeed on solaris 8
> Executable file(can't read) can be coredumped .
> Bug I don't know whether it is still exist or not.
>
>
> [alert7_at_Solaris8 solaris]$ uname -a
> SunOS Solaris8 5.8 Generic_108528-29 sun4u sparc SUNW,Ultra-5_10
>
> COREDUMP enable
> example
>
> [alert7_at_Solaris8 alert7]$ ls -la test
> --wx--x--x 1 root pubcvs 6344 Aug 16 11:27 test
> [alert7_at_Solaris8 alert7]$ id
> uid=108(alert7) gid=102(pubcvs)
>
> [alert7_at_Solaris8 alert7]$ ps -ef|grep test
> alert7 440 380 0 13:59:02 pts/2 0:00 ./test ff
> [alert7_at_Solaris8 alert7]$ kill -4 440
> [alert7_at_Solaris8 alert7]$ ./test ff
> Illegal Instruction (core dumped)
>
> [alert7_at_Solaris8 alert7]$ ls -la core
> -rw------- 1 alert7 pubcvs 72192 Aug 17 13:59 core
> [alert7_at_Solaris8 alert7]$ gdb -q -c core
> Core was generated by `./test ff'.
> Program terminated with signal 4, Illegal instruction.
> #0 0xff31b788 in ?? ()
>
> SIGQUIT
> SIGILL
> SIGTRAP
> SIGIOT
> SIGEMT
> SIGFPE
> SIGBUS
> SIGSEGV
> SIGSYS
> SIGXCPU
> SIGXFSZ
>
> these above signal also can cause process coredump if process not set signal handler
>
>
>
--
Best Regards
alert7_at_xfocus.org
XFOCUS Security Team
http://www.xfocus.org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Sep 13 2005
Intro
