Vulnerability Development: sadc Segmentation Fault

sadc Segmentation Fault

From: smackenz <smackenz_at_brad.ac.uk>
Date: Mon, 3 Dec 2001 22:36:54 +0000

Bug with command: sadc
Located: /usr/lib/sa/sadc

Date: Mon Dec 3 21:01:19 GMT 2001
Program: sadc (/usr/lib/sa/sadc)
Problem: Segmentation fault

DESCRIPTION (from man)
       The sadc command samples system data a specified number of
       times ( count ) at a specified interval measured in seconds
       ( interval ).
       The sadc command is intended to be used as a backend to
       the sar command.
       The proc filesystem must be mounted for the sadc command to work.

       /var/log/sa/sadd --> daily report file.

I don't know much about this command except that it is run with system-level
privileges by executing /usr/lib/sa/sadc [if you have it on your system].

I'm not sure if this command is occasionally run by root from a default
install (i.e. Red Hat 7.1) since I have not had time at all to look into it.
If anyone knows more about the system usage of this program, their comments
would be greatly appreciated.

See below for shell examples.

-----------------------------------------------
[smackenz_at_mainframe smackenz]$ id
uid=1001(smackenz) gid=1001(smackenz) groups=1001(smackenz)

[smackenz_at_mainframe smackenz]$ /usr/lib/sa/sadc
Cannot open /var/log/sa/sa03: Permission denied
<log files.....>

[smackenz_at_mainframe smackenz]$ ps aux |grep sadc
smackenz 1608 0.0 0.2 1732 592 pts/1 R 21:14 0:00 grep sadc
<not running at all....>

Following this as user 'smackenz' I carried out the following commands:

[smackenz_at_mainframe smackenz]$ /usr/lib/sa/sadc `perl -e 'print "A" x 200'`
[smackenz_at_mainframe smackenz]$ /usr/lib/sa/sadc `perl -e 'print "A" x 210'`
[smackenz_at_mainframe smackenz]$ /usr/lib/sa/sadc `perl -e 'print "A" x 220'`
[smackenz_at_mainframe smackenz]$ /usr/lib/sa/sadc `perl -e 'print "A" x 230'`
[smackenz_at_mainframe smackenz]$ /usr/lib/sa/sadc `perl -e 'print "A" x 240'`
[smackenz_at_mainframe smackenz]$ /usr/lib/sa/sadc `perl -e 'print "A" x 250'`
[smackenz_at_mainframe smackenz]$ /usr/lib/sa/sadc `perl -e 'print "A" x 260'`
Cannot open
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
File name too long
[smackenz_at_mainframe smackenz]$ /usr/lib/sa/sadc `perl -e 'print "A" x 270'`
Cannot open
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
File name too long

etc.... until

[smackenz_at_mainframe smackenz]$ /usr/lib/sa/sadc `perl -e 'print "A" x 290'`
Segmentation fault (core dumped)

-------------------------------------------------------

Later
Scott.
Received on Dec 04 2001
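The shell session above shows the classic signature of an over-long argument being copied into a fixed-size buffer: arguments of 260 and 270 bytes are still passed through to the kernel, which rejects them with ENAMETOOLONG ("File name too long", since a single path component on Linux is limited to 255 bytes), while a 290-byte argument crashes the process before any error is printed. The following C program is an added illustration of that pattern and of the bounded-copy fix; it is not sadc's or sysstat's source, and the 256-byte buffer size (`OFILE_LEN`), the function names and the probing helper are assumptions chosen so that the behaviour matches the lengths reported in the post. The unsafe variant is kept for contrast only and is never called by the checks.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/*
 * Assumed size of the output-file name buffer. The real size in the sadc
 * build the poster tested is not stated in the report; 256 is an assumption
 * that sits between the 250-byte argument that was accepted and the
 * 260-byte one that was rejected.
 */
#define OFILE_LEN 256

/*
 * Unsafe pattern: the argument is copied into a fixed-size buffer with no
 * length check, so any argument of OFILE_LEN bytes or more writes past the
 * end of ofile. Whether that surfaces as a harmless error message or as a
 * segmentation fault depends on what lies beyond the buffer on the stack,
 * which is why a crash may only appear well past the buffer size.
 * Kept for contrast only; nothing below calls it.
 */
int open_report_unsafe(const char *arg)
{
    char ofile[OFILE_LEN];
    FILE *fp;

    strcpy(ofile, arg);                      /* no bound: overflow */
    fp = fopen(ofile, "a");
    if (fp == NULL) {
        fprintf(stderr, "Cannot open %s: %s\n", ofile, strerror(errno));
        return -1;
    }
    fclose(fp);
    return 0;
}

/*
 * Hardened copy: measure the argument against the buffer before writing.
 * Returns 0 and fills ofile on success; returns -1 with errno set to
 * ENAMETOOLONG when the name would not fit, the same error the kernel
 * reports for over-long names, so callers see one consistent failure.
 */
static int copy_report_name(const char *arg, char *ofile, size_t ofile_len)
{
    size_t n = 0;

    while (n < ofile_len && arg[n] != '\0')  /* never read past the bound */
        n++;
    if (n >= ofile_len) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(ofile, arg, n + 1);               /* n < ofile_len, so the NUL fits */
    return 0;
}

/* Constructed test argument of `len` 'A' bytes, like the perl one-liner in the post. */
static const char *make_arg(size_t len)
{
    static char buf[1024];

    if (len >= sizeof buf)
        len = sizeof buf - 1;
    memset(buf, 'A', len);
    buf[len] = '\0';
    return buf;
}

/* 1 if the hardened copy accepts an argument of `len` bytes, 0 if it rejects it. */
int accepts_name(size_t len)
{
    char ofile[OFILE_LEN];

    return copy_report_name(make_arg(len), ofile, sizeof ofile) == 0;
}

/*
 * Repeats the poster's probe: try lengths start, start+step, ... up to stop
 * and return the first length the hardened copy rejects (0 if none is).
 */
size_t probe_rejection_threshold(size_t start, size_t stop, size_t step)
{
    size_t len;

    for (len = start; len <= stop; len += step)
        if (!accepts_name(len))
            return len;
    return 0;
}

int main(int argc, char **argv)
{
    char ofile[OFILE_LEN];

    printf("hardened copy first rejects at %zu bytes\n",
           probe_rejection_threshold(200, 300, 10));
    if (argc > 1) {
        if (copy_report_name(argv[1], ofile, sizeof ofile) != 0) {
            fprintf(stderr, "Cannot open %s: %s\n", argv[1], strerror(errno));
            return 1;
        }
        printf("would open %s\n", ofile);
    }
    return 0;
}
```

With the assumed 256-byte buffer the hardened copy rejects every argument of 256 bytes or more before anything is written, so the 290-byte case that crashed sadc produces the same "File name too long" error as the 260-byte case instead of a core dump. Whether a crash like the one reported matters beyond a local denial of service depends on the privilege the binary runs with, which the post leaves open: `ls -l /usr/lib/sa/sadc` shows whether a setuid bit is set, and the system's cron entries show whether root invokes it and from where its arguments come.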
