Vulnerability Development: Re: uugetty mgetty also...

Re: uugetty mgetty also...

From: Andrew Sharpe <asharpe_at_caldera.com>
Date: Mon, 3 Dec 2001 16:48:18 -0800

Note that you are already root, the same as you were for OpenServer.
In OpenServer, getty looks like this:

$ ls -lL /etc/getty
---x------ 1 bin bin 59128 Jun 1 2001 /etc/getty
$

So, currently, I don't know how this could be exploited. It might be
more fruitful if you tried these tests as "nouser". It is true,
however, that getty does have a buffer overflow the way you invoked
it, and for that reason it needs to be fixed, and will be.

        Andrew

On Mon, Dec 03, 2001 at 06:09:21PM -0500, KF wrote:
> Ok this is about down to shits and giggles...I would assume about
> anything with getty in its name COULD have the same issue... how this
> is abused... who knows at the moment...But these also suffer from the
> command line overflow.
>
> [root_at_linux elguapo]# uugetty `perl -e 'print "A"x 9000'`
> Segmentation fault (core dumped)
>
> [root_at_linux elguapo]# mgetty `perl -e 'print "A"x 9000'`
> Segmentation fault (core dumped)
>
>
> -KF
>
>
> KF wrote:
> >
> > Why do we care... because I am joe schmoe_cant_code_a_lick_of_c and I
> > make retarded mistakes
> > in my code. (Stupid examples follow).
> > #include <stdio.h>
> > void main(int *argc, char **argv)
> > {
> > char *runme[2];
> > setuid(0);
> > setgid(0);
> > runme[0] = argv[1];
> > runme[1] = 0;
> > execve("/sbin/getty", runme, 0);
> > }
> >
> > For that matter...m4 is a userland non-privileged level program ... yet
> > it led to a man exploit.
> > Flames > /dev/null ... comments welcome.
> >
> > -KF
> >
> > fish stiqz wrote:
> > >
> > > My question.. why do we care if a userland non-privileged program has
> > > a trivial buffer overflow vulnerability? This seems like a complete
> > > waste of time. Who cares???!?!?!
> > >
> > > --
> > > fish stiqz <fish_at_synnergy.net>
> > > Synnergy Networks: http://www.synnergy.net/
>
Received on Dec 04 2001
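
The setuid wrapper quoted in the thread hands a caller-controlled string to a privileged getty, which is what turns a crash in an otherwise unprivileged program into a privilege boundary problem. A hardened form of that wrapper follows as an added example; it is not code from the thread or from any getty package. `valid_line_arg`, `MAX_LINE_ARG` and the rule that the argument is a short alphanumeric tty line name are assumptions made for illustration.

```c
/* Added example: hardened form of the setuid wrapper quoted in the thread.
 * MAX_LINE_ARG and the "alphanumeric tty line name" rule are assumptions. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define GETTY_PATH   "/sbin/getty"  /* path used by the quoted wrapper */
#define MAX_LINE_ARG 32             /* assumed upper bound for a line name */

/* Return 1 only for a non-empty, bounded, purely alphanumeric string, so
 * oversized input, option-like strings and paths never reach getty. */
int valid_line_arg(const char *arg)
{
    size_t i;

    if (arg == NULL || arg[0] == '\0')
        return 0;
    for (i = 0; arg[i] != '\0'; i++) {
        if (i >= MAX_LINE_ARG || !isalnum((unsigned char)arg[i]))
            return 0;
    }
    return 1;
}

int main(int argc, char **argv)
{
    /* Fixed, minimal environment: nothing is inherited from the caller. */
    char *envp[] = { "PATH=/sbin:/bin", NULL };
    char *args[3];

    if (argc != 2 || !valid_line_arg(argv[1])) {
        fprintf(stderr, "usage: wrapper <tty-line>\n");
        return 2;
    }
    /* Check both calls; carrying on with partial privileges is a bug. */
    if (setgid(0) != 0 || setuid(0) != 0) {
        perror("setgid/setuid");
        return 1;
    }
    args[0] = "getty";   /* fixed argv[0], not caller-controlled */
    args[1] = argv[1];   /* validated above */
    args[2] = NULL;
    execve(GETTY_PATH, args, envp);
    perror("execve");    /* only reached if execve failed */
    return 1;
}
```

Input validation in the wrapper limits what reaches the privileged program; it does not replace fixing the overflow in getty itself.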
