Tried this on NetBSD-current (i386)
syntax was: /usr/libexec/getty `perl -e 'print "A" x 9000'`
and all I got was a login prompt. Looks safe to say that NetBSD does not
have this problem.
On Mon, Dec 03, 2001 at 01:33:58PM -0500, KF wrote:
> Getty is also vuln. Tested on Mandrake 8 and SCO unix 5.0.5
>
> [elguapo_at_linux elguapo]$ /sbin/mingetty `perl -e 'print "A" x 9000'`
> Segmentation fault (core dumped)
> [elguapo_at_linux elguapo]$ /sbin/getty `perl -e 'print "A" x 9000'`
> Segmentation fault (core dumped)
> [elguapo_at_linux elguapo]$ uname -a
> Linux linux.ckfr.com 2.4.3-20mdk #1 Sun Apr 15 23:03:10 CEST 2001 i686 unknown
> [elguapo_at_linux elguapo]$ cat /etc/redhat-release
> Linux Mandrake release 8.0 (Traktopel) for i586
>
> # /etc/getty `perl -e 'print "A" x 9000'`
> Memory fault - core dumped
> # uname -a
> SCO_SV unixdev 3.2 5.0.5 i386
>
> root_at_sco.checkfree.com #/etc/getty `perl -e 'print "A" x 9000'`
> Memory fault - core dumped
> root_at_sco.checkfree.com #uname -a
> SCO_SV sco 3.2 5.0.6 i386
>
> Getty:
> Program received signal SIGSEGV, Segmentation fault.
> 0x40058b66 in getenv () from /lib/libc.so.6
> (gdb) bt
> #0 0x40058b66 in getenv () from /lib/libc.so.6
> #1 0x400a6bb3 in _IO_file_close_it () from /lib/libc.so.6
> #2 0x400ab1f5 in mallopt () from /lib/libc.so.6
> #3 0x400a716d in malloc () from /lib/libc.so.6
> #4 0x4009998e in fopen () from /lib/libc.so.6
> #5 0x0804d029 in send ()
> #6 0x41414141 in ?? ()
> Cannot access memory at address 0x41414141
>
> mingetty:
> Starting program: /sbin/mingetty `perl -e 'print "A" x 9000'`
> (no debugging symbols found)...
> Program received signal SIGSEGV, Segmentation fault.
> 0x4007bab7 in vfprintf () from /lib/libc.so.6
> (gdb) bt
> #0 0x4007bab7 in vfprintf () from /lib/libc.so.6
> #1 0x40097722 in vsprintf () from /lib/libc.so.6
> #2 0x08048ec9 in alarm ()
> #3 0x41414141 in ?? ()
> Cannot access memory at address 0x41414141
>
> -KF
>
>
> smackenz wrote:
> >
> > *nix Issue - Anyone with 'mingetty':
> >
> > After all the vi overflows, and wu-ftpd etc recently I thought I would have a
> > sniff around a default redhat 7.1 box to see what I could find. Anyway I
> > managed to dump core on /sbin/mingetty and thought it would be worth
> > reporting:
> >
> > See below for the shell out:
> >
> > [m0le_at_mainframe m0le]$ /sbin/mingetty `perl -e 'print "A"x9000'`
> > Segmentation fault (core dumped)
> > [m0le_at_mainframe m0le]$ id
> > uid=500(m0le) gid=500(m0le) groups=500(m0le)
> >
> > (standard user account)
> >
> > This only works by doing this:
> >
> > /sbin/mingetty `perl -e 'print "A"x9000'`
> >
> > when I did the following:
> >
> > [m0le_at_mainframe m0le]$ cd /sbin
> > [m0le_at_mainframe /sbin]$ ./mingetty `perl -e 'print "A"x9000'`
> > Segmentation fault
> > [m0le_at_mainframe /sbin]$
> >
> > No core dump.... It doesn't seem to dump in the sbin directory, however I've
> > successfully dumped from several other dirs.
> >
> > I am running a RedHat7.1. I would appreciate some feedback from other
> > distros with mingetty running.
> >
> > Thanks
> >
> > Scott Mackenzie.
--
 /~\ The ASCII          Sean Davis
 \ / Ribbon Campaign    aka dive-o
  X  Against HTML
 / \ Email!             dive_at_endersgame.net
Received on Dec 03 2001
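
Added example, not part of the thread and not mingetty's or getty's source: the mingetty backtrace quoted above shows vsprintf() running beneath a frame whose return address is 0x41414141, which is consistent with a command-line argument being formatted into a fixed-size stack buffer. The sketch below shows the bounded alternative with truncation reporting and an up-front length check. The names format_msg, tty_arg_ok, MSG_MAX and TTY_ARG_MAX, and both size limits, are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MSG_MAX     256   /* assumed size of the fixed message buffer */
#define TTY_ARG_MAX 32    /* assumed upper bound for a tty name argument */

/* Unbounded pattern, shown only as a comment:
 *     char buf[MSG_MAX];
 *     vsprintf(buf, fmt, ap);
 * vsprintf() writes as many bytes as the arguments expand to, so a
 * 9000-byte argv string runs past buf into the saved frame data.
 */

/* Bounded formatting: 0 = message fit, 1 = truncated, -1 = error. */
int format_msg(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    int need;

    if (out == NULL || outsz == 0)
        return -1;
    va_start(ap, fmt);
    need = vsnprintf(out, outsz, fmt, ap);   /* always NUL-terminates */
    va_end(ap);
    if (need < 0) {
        out[0] = '\0';
        return -1;
    }
    return (size_t)need >= outsz ? 1 : 0;
}

/* Reject an oversized argument before it reaches any formatting code. */
int tty_arg_ok(const char *arg, size_t max)
{
    return arg != NULL && arg[0] != '\0' && strlen(arg) <= max;
}

int main(void)
{
    char big[9001], msg[MSG_MAX];

    memset(big, 'A', 9000);                  /* constructed test input */
    big[9000] = '\0';
    printf("arg ok: %d\n", tty_arg_ok(big, TTY_ARG_MAX));
    printf("truncated: %d\n", format_msg(msg, sizeof msg, "%s: bad tty", big));
    return 0;
}
```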